This is the accessible text file for GAO report number GAO-12-828
entitled 'Freedom of Information Act: Additional Actions Can
Strengthen Agency Efforts to Improve Management' which was released on
August 30, 2012.
This text file was formatted by the U.S. Government Accountability
Office (GAO) to be accessible to users with visual impairments, as
part of a longer term project to improve GAO products' accessibility.
Every attempt has been made to maintain the structural and data
integrity of the original printed product. Accessibility features,
such as text descriptions of tables, consecutively numbered footnotes
placed at the end of the file, and the text of agency comment letters,
are provided but may not exactly duplicate the presentation or format
of the printed version. The portable document format (PDF) file is an
exact electronic replica of the printed version. We welcome your
feedback. Please E-mail your comments regarding the contents or
accessibility features of this document to Webmaster@gao.gov.
This is a work of the U.S. government and is not subject to copyright
protection in the United States. It may be reproduced and distributed
in its entirety without further permission from GAO. Because this work
may contain copyrighted images or other material, permission from the
copyright holder may be necessary if you wish to reproduce this
material separately.
United States Government Accountability Office:
GAO:
Report to the Committee on Oversight and Government Reform:
House of Representatives:
July 2012:
Freedom of Information Act:
Additional Actions Can Strengthen Agency Efforts to Improve Management:
GAO-12-828:
GAO Highlights:
Highlights of GAO-12-828, a report to the Committee on Oversight and
Government Reform, House of Representatives.
Why GAO Did This Study:
In March 2009, the Attorney General issued guidelines that encouraged
agencies to release records requested under FOIA, improve
administration of their FOIA operations, and ensure timely disclosure
of information to the public. In light of this guidance, GAO was asked
to determine: (1) What actions have agencies taken to manage their
FOIA programs, including reducing backlogs and use of exemptions,
pursuant to the Attorney General’s 2009 FOIA guidelines, and what have
been the results of these actions? (2) What actions have agencies
taken to make records available to the public by electronic means,
pursuant to the e-FOIA Amendments of 1996? (3) To what extent have
agencies implemented technology to support FOIA processing?
To respond to this request, GAO analyzed statistics and documents,
reviewed FOIA libraries, and conducted interviews with officials at 16
agency components within the Departments of Homeland Security,
Defense, Justice, and Health and Human Services—-the four agencies
that received the most FOIA requests in fiscal year 2010.
What GAO Found:
The major components of the Departments of Homeland Security, Defense,
Justice, and Health and Human Services have taken a variety of actions
to improve management of their Freedom of Information Act (FOIA)
programs. To reduce their backlogs of outstanding requests, agencies
have taken actions that include regularly reporting to management,
mobilizing extra resources, and streamlining procedures for responding
to requests. These actions have had mixed results. For example, since
2009, 10 of the 16 agency components in GAO’s study succeeded in
decreasing their backlogs, 2 had no material change, and the remaining
4 had larger backlogs. The agencies have also taken actions to reduce
their use of exemptions-—provisions of FOIA that allow agencies to
withhold certain types of information. Agencies’ actions to reduce
their use of exemptions included training, reviews, and guidance.
While 7 components reduced the rate at which they applied exemptions,
3 stayed about the same, and 6 had an increase.
The agency components are generally making records available to the
public online, either in their FOIA libraries (dedicated sections of
their websites for FOIA-related records) or elsewhere on their agency
websites, as required by amendments to the act, referred to as e-FOIA.
However, GAO’s review of FOIA libraries found that records may not be
easy for the public to locate when they are not in a library. Agency
components have used a variety of approaches, including frequent
content reviews, to proactively manage their libraries. However, GAO
determined that not all agency components are giving sufficient
attention to ensuring that frequently requested records are identified
and posted online, which has resulted in sparsely populated FOIA
libraries. Without consistent oversight and review of the information
posted to FOIA libraries, the most current agency efforts or decisions
may not be reflected and information can be difficult for the public
to locate. This can result in increased FOIA requests, contributing to
backlogs and administrative costs.
The agency components’ implementation of technology capabilities that
have been identified as best practices for FOIA processing—-such as
the use of a single tracking system and providing requesters the
ability to track the status of requests online-—has varied. The
agencies that have not yet implemented these capabilities generally
intend to do so. In addition, the agencies that GAO studied use
different FOIA processing systems that do not electronically exchange
data, which may necessitate manual exchanges of information among
agencies to process FOIA requests.
What GAO Recommends:
GAO is recommending that the four agencies improve the management of
their FOIA programs by ensuring that actions are taken to reduce
backlogs and use of exemptions, improve FOIA libraries, and implement
technology. In written comments on a draft of the report, the four
agencies agreed or generally agreed with the recommendations.
View [hyperlink, http://www.gao.gov/products/GAO-12-828]. For more
information, contact Valerie C. Melvin at (202) 512-6304 or
melvinv@gao.gov.
[End of section]
Contents:
Letter:
Background:
Agencies Have Generally Taken Actions to Improve their FOIA Programs,
but Results Have Been Mixed:
Agency Components Generally Make Records Available Online, but
Approaches to Posting Frequently Requested Records Vary:
Agency Components Have Implemented Technology to Support FOIA
Processing to Varying Degrees:
Conclusions:
Recommendations for Executive Action:
Agency Comments and Our Evaluation:
Appendix I: Objectives, Scope, and Methodology:
Appendix II: Freedom of Information Act Exemptions:
Appendix III: Comments from the Department of Homeland Security:
Appendix IV: Comments from the Department of Defense:
Appendix V: Comments from the Department of Health and Human Services:
Appendix VI: Comments from the Department of Justice:
Appendix VII: Comments from the National Archives and Records
Administration:
Appendix VIII: GAO Contact and Staff Acknowledgments:
Tables:
Table 1: Agency Information Required to be Posted Online Pursuant to
the e-FOIA Amendments:
Table 2: Detailed View of Agency Components' Implementation of FOIA
Capabilities:
Figures:
Figure 1: Simplified FOIA Process:
Figure 2: Disposition of FOIA Requests during Fiscal Year 2011:
Figure 3: Number of Backlogged FOIA Requests by Agency Component, 2009-
2011 (in thousands):
Figure 4: Exemption Use by Agency Components from 2009 through 2011:
Abbreviations:
BOP: Federal Bureau of Prisons:
CBP: U.S. Customs and Border Protection:
CMS: Centers for Medicare and Medicaid Services:
DHS: Department of Homeland Security:
DHS/Privacy: Department of Homeland Security/Privacy Office:
DOD: Department of Defense:
e-FOIA: Electronic Freedom of Information Act (amendments):
EOIR: Executive Office for Immigration Review:
EPA: Environmental Protection Agency:
FBI: Federal Bureau of Investigation:
FDA: Food and Drug Administration:
FOIA: Freedom of Information Act:
HHS: Department of Health and Human Services:
HHS/OS: Department of Health and Human Services Office of the
Secretary:
ICE: Immigration and Customs Enforcement:
IT: information technology:
Justice: Department of Justice:
NARA: National Archives and Records Administration:
NIH: National Institutes of Health:
OGIS: Office of Government Information Services:
OIP: Office of Information Policy:
OSD/JS: Office of the Secretary of Defense and Joint Staff:
USCIS: U.S. Citizenship and Immigration Services:
[End of section]
United States Government Accountability Office:
Washington, DC 20548:
July 31, 2012:
The Honorable Darrell E. Issa:
Chairman:
The Honorable Elijah E. Cummings:
Ranking Member:
Committee on Oversight and Government Reform:
House of Representatives:
The Freedom of Information Act (FOIA)[Footnote 1] requires that
federal agencies provide the public with access to government records
and information on the basis of the principles of openness and
accountability in government. In this regard, each year hundreds of
thousands of FOIA requests are made to federal agencies--with the
information released in response to these requests contributing to the
disclosure of government waste, fraud, and abuse, as well as other
conditions, such as unsafe consumer products and harmful drugs. The e-
FOIA amendments of 1996 require, among other things, that agencies
make certain categories of records available to the public in
electronic format. Further, guidance issued by the Attorney General in
March 2009[Footnote 2] and related policies and guidance encourage
agencies to reduce their backlogs of FOIA requests, not withhold
records merely because they fall within the scope of a FOIA exemption,
improve administration of their FOIA operations, and ensure timely
disclosure of information to the public.
Given this guidance, you asked us to determine: (1) What actions have
agencies taken to manage their FOIA programs, including reducing
backlogs and use of exemptions, pursuant to the Attorney General's
2009 FOIA guidelines, and what have been the results of these actions?
(2) What actions have agencies taken to make records available to the
public by electronic means, pursuant to the e-FOIA amendments of 1996?
(3) To what extent have agencies implemented technology to support
FOIA processing?
To address these objectives, we analyzed published statistics and
documents, such as agency FOIA reports, and conducted interviews with
responsible officials at the four federal agencies that collectively
received more than 50 percent of all FOIA requests during fiscal year
2010: the Departments of Homeland Security (DHS), Defense (DOD),
Health and Human Services (HHS), and Justice. Because FOIA processing
at these agencies is decentralized to the agency component level, we
analyzed the FOIA policies, oversight, and processing activities of
each agency's central FOIA office and of the three components of each
agency that received the most FOIA requests.[Footnote 3]
* The DHS agency components are the Privacy Office (DHS/Privacy),
which functions as the department's central FOIA office, in addition
to the U.S. Citizenship and Immigration Service (USCIS), Immigration
and Customs Enforcement (ICE), and U.S. Customs and Border Protection
(CBP).
* The DOD agency components are the Office of the Secretary of Defense
and the Joint Staff (OSD/JS), which processes FOIA requests within the
department's central FOIA office, in addition to the Departments of
the Army, Navy, and Air Force.
* The HHS agency components are the Office of the Secretary (HHS/OS),
which functions as the department's central FOIA office, in addition
to the Centers for Medicare & Medicaid Services (CMS), the Food and
Drug Administration (FDA), and the National Institutes of Health (NIH).
* The Justice agency components are the Office of Information Policy
(OIP), which functions as the department's central FOIA office, in
addition to the Federal Bureau of Investigation (FBI), the Federal
Bureau of Prisons (BOP), and the Executive Office for Immigration
Review (EOIR).
To gauge agencies' actions and results since the Attorney General's
March 2009 memorandum, we analyzed data on backlogs and use of
exemptions from FOIA.gov for each of the agency components identified,
and examined agencies' annual FOIA reports for the years 2009 to 2011.
To evaluate agencies' actions to make records available by electronic
means, we compared materials posted on each agency component's FOIA
library with applicable requirements. To determine the extent to which
agencies have implemented technology to support FOIA processing, we
compared the capabilities of each agency component's processing system
with capabilities that the National Archives and Records
Administration's (NARA) Office of Government Information Services
(OGIS), OIP, and others have identified as useful.
We conducted this performance audit from September 2011 through July
2012 in accordance with generally accepted government auditing
standards. Those standards require that we plan and perform the audit
to obtain sufficient, appropriate evidence to provide a reasonable
basis for our findings and conclusions based on our audit objectives.
We believe that the evidence obtained provides a reasonable basis for
our findings and conclusions based on our audit objectives. See
appendix I for a more detailed description of our scope and
methodology.
Background:
FOIA establishes a legal right of access to government records and
information on the basis of the principles of openness and
accountability in government. Before the act was passed in 1966, the
government required individuals to demonstrate "a need to know" before
being granted the right to examine a federal record. FOIA established
a "right to know" standard, under which an organization or person
could receive access to information held by a federal agency without
demonstrating a need or reason. The "right to know" standard shifted
the burden of proof from the individual to government agencies and
required agencies to provide proper justification when denying a
request for access to a record.
Any "person," with a few narrow exceptions, or entity can file a FOIA
request, including foreign nationals, corporations, and organizations.
For example, a foreign national can request his or her alien files and
a commercial requester, which includes data brokers that file requests
on behalf of others, may request a copy of a government contract or
grant proposal. In response, an agency is required to provide the
relevant record(s) in any readily producible form or format specified
by the requester (unless the record falls within a permitted
exemption). FOIA generally allows agencies to collect fees for
searching and duplicating records in connection with responding to a
request. Government agencies can also disclose information through
"affirmative agency disclosure" by publishing information in the
Federal Register, on the Internet, or by making it available in a
reading room.[Footnote 4]
Justice and the National Archives and Records Administration Have FOIA-
Related Responsibilities:
Since it was established 30 years ago, Justice's OIP has been
responsible for encouraging compliance, overseeing agencies'
implementation of FOIA, and issuing policy guidance. For example, OIP
issues FOIA policy guidance, prepares a comprehensive guide addressing
various aspects of the act, conducts a variety of FOIA-related
training programs for personnel across the government, and offers FOIA
counseling services to government staff and the public.
In addition, the OPEN Government Act of 2007[Footnote 5] established
OGIS within NARA to oversee and assist agencies in implementing FOIA.
OGIS's responsibilities include reviewing agency policies and
procedures, reviewing agency compliance, recommending policy changes,
and offering mediation services.
FOIA Amendments and Guidance Are Intended to Improve Agencies' FOIA
Processing:
The 1996 e-FOIA amendments, among other things, sought to strengthen
the requirement that agencies respond to a request in a timely manner
and reduce their backlogs of pending requests. To that end, the
amendments made a number of procedural changes, including providing
requesters with an opportunity to limit the scope of their requests so
that they could be processed more quickly, and requiring agencies to
determine within 20 working days (an increase from the previously
established time frame of 10 days) whether a request would be
fulfilled.[Footnote 6] The amendments also authorized agencies to
multitrack requests, that is, to process simple and complex requests
concurrently on separate tracks to facilitate responding to a
relatively simple request more quickly.
In addition, the e-FOIA amendments encouraged online, public access to
government information by requiring agencies to make specific types of
records available in electronic form, including:
* agency final opinions, including concurring and dissenting opinions,
as well as orders made in the adjudication of cases;
* statements of policy and interpretations that have been adopted by
the agency and are not published in the Federal Register;
* administrative staff manuals and instructions to staff that affect a
member of the public; and:
* copies of records that have been released to any person through FOIA
and which, because of the nature of the subject matter, the agency
determines have become or are likely to become the subject of
subsequent requests for substantially the same records.[Footnote 7]
In 1998, OIP issued e-FOIA implementation guidance that, among other
things, called for agencies to organize an electronic reading room so
that the public could find records that are required to be posted and
to review electronic reading room content regularly--at least
quarterly--to ensure that it is accurate and current.[Footnote 8] In
addition, OIP's guidance on e-FOIA implementation specifies that once
an agency receives--or expects to receive--at least three FOIA
requests for a record, the agency is generally obligated to disclose
the record as a frequently requested document.
In a later effort to reduce agencies' backlogs of FOIA requests, in
December 2005, the President issued Executive Order 13392,[Footnote 9]
which set forth a directive for citizen-centered and results-oriented
FOIA. In particular, the order directed agencies to provide a
requester with courteous and appropriate service and ways to learn
about the FOIA process, the status of the request, and the public
availability of other agency records. The order also instructed
agencies to process requests efficiently, achieve measurable process
improvements (including a reduction in the backlog of overdue
requests), and reform programs that were not producing the appropriate
results.
To this end, the order--and the FOIA itself--directed each agency to
designate a senior official as the agency's Chief FOIA Officer. The
Chief FOIA Officer is responsible for ensuring agency-wide compliance
with the act by monitoring implementation throughout the agency;
recommending changes in policies, practices, staffing, and funding;
and reviewing and reporting on the agency's performance in
implementing FOIA to agency heads and to Justice. (These reports are
referred to as Chief FOIA Officer reports and are in addition to
agencies' annual FOIA reports that largely include statistics on FOIA
processing that agencies also submit to Justice.) In April 2006,
Justice's OIP issued guidance to assist federal agencies in
implementing the Executive Order's requirements for reviews and
improvement plans.[Footnote 10] The guidance suggested several
potential areas for agencies to consider when conducting their
reviews, such as automation of request tracking; automated processing
and receiving requests; responding to requests electronically; forms
of communication with requesters; and systems for handling referrals
to other agencies.
As previously mentioned, each agency is required to prepare and submit
to Justice an annual FOIA report that includes statistics on, among
other things, the number of FOIA denials, appeals, and requests
pending at the end of the fiscal year. The OPEN Government Act of 2007
amended FOIA in several ways, including requiring additional
statistics on timeliness in agencies' annual reports. The act also
called for agencies to establish a system to track the status of their
requests. OIP's subsequent guidance (issued May 2008) provided
information on responding to the requirements of the OPEN Government
Act, and directed agencies to omit certain Privacy Act requests, which
had previously been included, from their FOIA statistics.[Footnote 11]
More recently, in January 2009, the President issued two memorandums,
Transparency and Open Government[Footnote 12] and FOIA.[Footnote 13]
Both documents focused on increasing the amount of information made
public by the government. In particular, the FOIA memorandum directed
agencies to adopt a presumption in favor of disclosure in all FOIA
decisions, take affirmative steps to make information public, and use
modern technology to do so. This echoed Congress's finding, in passing
the OPEN Government Act, that FOIA establishes a "strong presumption
in favor of disclosure."
In March 2009, the Attorney General issued a FOIA policy memorandum,
echoing the President's call for increased disclosure of government
information by directing agencies to make information available online
without waiting for a specific FOIA request. In addition, OIP guidance
on these memos stated that agencies should implement systems and
establish procedures to routinely identify and systematically post
records appropriate for release. As noted by both the President and
the Attorney General, such proactive disclosures can not only improve
public access to government information, but potentially can reduce
the growing number of new FOIA requests. In addition, the memorandum
called for agencies to make discretionary disclosures and, as called
for in OIP's implementing guidance, analyze whether releasing
information would result in foreseeable harm before applying
exemptions. The agency is expected to release the information if no
harm would occur, unless disclosure is prohibited by law.
The Attorney General's memorandum reminded agencies of the OPEN
Government Act of 2007 requirement to establish a system to provide
individualized tracking numbers for requests that will take longer
than ten days to process and to establish a telephone line or internet
service to allow requesters to track the status of their request. To
help agencies meet this expectation, OIP and OGIS identified
capabilities that they consider to be best practices for FOIA
processing. Specifically, in September 2010, OIP issued guidance that
calls for, among other things, agencies and their components to use
technology to process requests electronically. Subsequently, in March
2011, OGIS issued FOIA best practices for agencies and their
components to use technology to, for example, receive requests
electronically, either by e-mail or online, and allow requesters to
easily check the status of their request. Further, in conjunction with
the Department of Commerce and the Environmental Protection Agency
(EPA), OGIS identified the following 13 system capabilities that
enhance FOIA processing:
* using a single, componentwide system for tracking requests;
* accepting the request online, either through e-mail or online
request forms;
* assigning the request tracking number and tracking the status of the
request electronically;
* multitracking requests electronically;
* routing requests to the responsible office electronically;
* storing and routing responsive records to the appropriate office
electronically;
* redacting responsive records with appropriate exemptions applied
electronically;
* calculating and recording processing fees electronically;
* allowing supervisors to review the case file to approve redactions
and fee calculations for processing electronically;
* generating system correspondence, such as e-mails or letters, with
requesters;
* allowing requesters the ability to track the status of their request
online;
* tracking appeals electronically; and:
* generating periodic reporting statistics, such as monthly backlog
and annual report data, used to develop reports.
Commerce, EPA, and OGIS also identified the need to support FOIA
processing functions that cross organizational boundaries. Such
functions include managing interagency referrals and consultations.
[Footnote 14]
FOIA Request Processing:
Agencies are generally required to make a determination on a FOIA
request within 20 working days. A request may be received in writing,
by telephone, or by electronic means. Once received, the request goes
through multiple phases, which include processing requests, searching
records, processing records, and releasing records. Figure 1 provides
an overview of the process, from the submission of a request to the
release of records.
Figure 1: Simplified FOIA Process:
[Refer to PDF for image: process illustration]
Requester submits request:
Intake processing:
* Receive request;
* Assign tracking number if appropriate;
* Determine if simple or complex;
* Acknowledge request.
Search for records:
* Initiate search in responsible office;
* Review responsive documents;
Process records:
* Conduct consultations;
* Make referrals;
* Determine applicable exemptions;
* Conduct foreseeable harm analysis;
* Redact and mark records.
Approve release of records:
* Review and approve records for release;
* Generate response letter.
Send response to requester.
Source: GAO analysis of agency information.
[End of figure]
During the intake phase, a request is to be logged into the agency
component's FOIA system, and a tracking number is assigned if the
request is estimated to require more than 10 days to address. The
request is then reviewed by the FOIA staff to determine its scope and
level of complexity.[Footnote 15] The agency then typically sends a
letter or e-mail to the requester acknowledging receipt of the
request; this typically includes a unique tracking number that the
requester can use to check on the status of the request.
The FOIA staff is then to begin its search to retrieve responsive
records by routing the request to the appropriate program office(s).
This step may include searching and reviewing paper and electronic
records from multiple locations and program offices.
The agency then processes the responsive records, which involves
consulting with other agencies as appropriate before releasing records
that originated there or referring records to another agency for its
disclosure determination and response to the requester. This includes
determining whether portions of any record should be withheld based on
statutory exemptions.[Footnote 16] Nine specific exemptions can be
applied to withhold, for example, classified, confidential commercial,
pre-decisional, privacy, and several types of law enforcement
information. (Appendix II provides a full listing of the FOIA
exemptions.) A request may be denied in full based on one or more
exemptions, or it may be partially granted, in which case information
may be blacked out (redacted). For example, a Social Security number
or other personally identifiable information may be redacted under the
exemption for protecting personal information. If no exemption is
applied, the request should be granted in full. Before applying
certain exemptions, agencies are to conduct a foreseeable harm
analysis to determine whether harm will occur if the information is
released.
Before approving the release of any records, they are to be reviewed
by a FOIA supervisor, general counsel, or other appropriate personnel
to ensure that the release is proper. Then a response letter is
generated for the requester, summarizing the agency's actions
regarding the request. Finally, the responsive record(s) are sent to
the requester via computer disk, e-mail, or paper. Throughout the FOIA
process, the agency is responsible for making information about the
status of the request available to the requester.
For fiscal year 2011, the 99 agencies that were required to submit
annual FOIA reports to Justice reported that 644,165 requests were
received and about 4,400 staff were devoted to FOIA processing.
According to the agencies' annual reports as aggregated on FOIA.gov,
the total reported cost of FOIA activities among the 99 agencies for
fiscal year 2011 was $436 million, of which about $6 million was
recovered through fees collected from requesters. The agencies
collectively reported responding to 631,424 requests. Of these,
236,474 (37 percent) were granted in full; 171,795 (27 percent) were
partially granted (i.e., some information was redacted based on one or
more exemptions); and 30,369 (5 percent) were denied in full based on
exemptions. The remaining 192,786 (31 percent) were denied for reasons
not based on exemptions, such as no responsive records were found or
the request was withdrawn. Figure 2 shows the disposition of requests
that agencies responded to in fiscal year 2011.
Figure 2: Disposition of FOIA Requests during Fiscal Year 2011:
[Refer to PDF for image: pie-chart]
Full grant: 37%;
Full denial: 5%;
Partial grant: 27%;
Denial not based on exemptions: 31%.
Source: GAO analysis based on FOIA.gov data.
[End of figure]
Previous GAO Reviews of FOIA Implementation Efforts:
We reported in 2007[Footnote 17] that agency plans for improving FOIA
processing had mostly included goals and timetables addressing the
areas of improvement emphasized by Executive Order 13392, which set
forth a directive for citizen-centered and results-oriented FOIA. Most
of the plans provided goals and timetables; some agencies omitted
goals in areas where they considered they were already strong. We
noted that all the plans focused on making measurable improvements and
formed a reasonable basis for carrying out the goals of the Executive
Order, although details of a few plans could be improved. Accordingly,
we made recommendations to strengthen selected improvement plans,
among other things. The agencies generally agreed with our
recommendations and took actions to address them.
Further, we reported in 2008 that, following the emphasis on backlog
reduction in the Executive Order and agency improvement plans, many
agencies had shown progress in decreasing their backlog of overdue
requests.[Footnote 18] However, we identified several factors that
contributed to the requests remaining open and recommended that
Justice provide additional guidance to agencies on tracking and
reporting overdue requests and planning to meet future backlog goals.
As we recommended, Justice's OIP developed guidance on tracking and
reporting backlogged requests.
In addition, in 2009 we reported that DHS had taken steps to enhance
its FOIA program, but that opportunities existed for the department to
improve the efficiency and cost-effectiveness of FOIA processing.
[Footnote 19] Specifically, we noted that implementation of key
practices, such as internal monitoring and oversight, component-
specific training, online status-checking, and electronic
dissemination of records, could facilitate the processing of
information requests at a number of its major components. Accordingly,
we recommended that key practices used by certain DHS components and
other agencies be implemented more consistently across the department.
DHS agreed with our recommendations and has taken steps to address
them.
Agencies Have Generally Taken Actions to Improve their FOIA Programs,
but Results Have Been Mixed:
Agencies have taken steps pursuant to the Attorney General's 2009
memorandum aimed at reducing the number of backlogged requests and the
use of exemptions. Steps taken to reduce backlogs include regular
reporting, mobilizing extra resources, and modifying procedures. Steps
taken to reduce use of exemptions include training, foreseeable harm
analyses, and reviews. While the majority of the agency components we
reviewed have reduced their backlogs, a few agencies have seen
substantial backlog growth, and success in reducing the use of
exemptions has also been mixed.
Agencies Have Taken Steps to Reduce Backlogs, but Some Backlogs Have
Increased:
The agency components we studied took the following actions aimed at
reducing their backlogs of FOIA requests.
* Reporting backlog status. A majority of the agency components we
studied produced quantitative reports on backlogs for higher-level
management at least monthly. For example, Army FOIA staff briefed the
Deputy Administrative Assistant to the Secretary of the Army every
month on the status of FOIA requests, including a monthly report of
backlogs for every unit. This high-level reporting was intended to
convey to staff the importance the Army places on the issue.
* Mobilizing resources. Agency components redirected or acquired
resources to clear backlogs by detailing staff from other work, using
overtime and compensatory time, hiring new staff or contractors, and
providing assistance to local offices. For example, the Army FOIA
office analyzed which field offices had the largest backlogs, then
sent teams to those offices to help them. Similarly, OIP used support
personnel including law clerks and administrative personnel to address
its backlogs.
* Changing procedures. Agency components changed procedures so
requests could be processed faster. Components changed procedures to,
among other things, streamline processes, improve oversight, or change
work assignments. For example, the Air Force issued a new FOIA
directive in 2010 to implement several changes in handling backlogs,
including a requirement for FOIA managers with backlogs to submit
backlog reduction plans. OSD/JS worked with its information technology
(IT) support staff to develop a scanning tool to improve the search
capability of documents throughout the OSD/JS enterprise. This tool
improved results when searching for documents responsive to a FOIA
request.
* Negotiating to simplify requests. Agency components negotiated with
the requesters of large, complex requests to reduce the size and
shorten the time required to fulfill the request. A negotiation with
the requester can result in a reduction in the amount of work that
otherwise would have delayed processing the request and likely
resulted in increased backlogs. For example, the FBI negotiated with
one requester to reduce the size of the request where it had located
more than 37,000 pages responsive to the request. Since each page
would have to be checked before being released, the request would have
required considerable time to process. Instead, the requester agreed
to the FBI's offer to provide faster delivery of 1,150 pages already
processed under a similar, earlier request.
Two examples of components that used several of these actions to
successfully reduce their backlogs are described below.
* CMS reduced its backlog from 10,312 requests in 2009 to 3,486
requests in 2010, and then to 2,008 requests in 2011. Actions that
contributed to its success included mobilizing resources and changing
procedures. First, CMS increased the resources devoted to FOIA,
enabling it to increase staff in its regions and hire former staff as
contractors. Second, CMS changed several procedures related to
processing requests. For example, the FOIA office has given regions
increased authority to provide information to requesters without a
central review. Additionally, CMS implemented an electronic FOIA
processing system in 2009 and continued to refine it in 2010.
* The Army reduced its FOIA backlog from 3,542 requests in 2009 to
1,141 requests in 2010 and then to 1,000 requests in 2011 due to
reporting to management, mobilizing resources, and streamlining
processes. Specifically, FOIA staff briefed the Deputy Administrative
Assistant to the Secretary of the Army every month on the status of
FOIA requests, including a monthly report of backlogs for every unit.
This was intended to convey to staff the importance the Army places on
the issue and that OSD/JS FOIA officials consider it a best practice.
The Army's central FOIA office staff mobilized resources by analyzing
which field offices had the largest backlogs, then sending teams to
those offices to help them. OSD/JS FOIA staff said they also suggested
how field offices could streamline processes. For example, they
suggested that the office that handles military service records no
longer needed to redact records of World War I veterans and could
release them directly since there are no living veterans of that war.
As a result of the actions cited, among others, the majority of the
agency components we studied succeeded in reducing their FOIA backlogs
between 2009 and 2011. Specifically, 10 of the 16 agency components
had reduced their backlogs of FOIA requests, 2 had no material change,
[Footnote 20] and 4 had increases. Figure 3 shows component backlog
levels for 2009 through 2011 arranged in order of the size of their
2011 backlogs.
Figure 3: Number of Backlogged FOIA Requests by Agency Component, 2009-
2011:
[Refer to PDF for image: vertical bar graph]
Agency: DHS/Privacy;
2009: 66;
2010: 15;
2011: 4.
Agency: ICE;
2009: 10;
2010: 27;
2011: 18.
Agency: NIH;
2009: 70;
2010: 37;
2011: 25.
Agency: EOIR;
2009: 183;
2010: 264;
2011: 205.
Agency: HHS/OS;
2009: 722;
2010: 525;
2011: 309.
Agency: BOP;
2009: 381;
2010: 370;
2011: 317.
Agency: DOJ OIP;
2009: 361;
2010: 411;
2011: 469.
Agency: AF;
2009: 725;
2010: 626;
2011: 525.
Agency: DOD/OSD;
2009: 1,708;
2010: 1,061;
2011: 908.
Agency: FBI;
2009: 1,758;
2010: 1,602;
2011: 938.
Agency: Army;
2009: 3,542;
2010: 1,141;
2011: 1,000.
Agency: Navy;
2009: 1,139;
2010: 798;
2011: 1,658.
Agency: CMS;
2009: 10,312;
2010: 3,486;
2011: 2,008.
Agency: FDA;
2009: 4,818;
2010: 4,691;
2011: 3,421.
Agency: CBP;
2009: 88;
2010: 601;
2011: 4,356.
Agency: USCIS;
2009: 16,801;
2010: 8,209;
2011: 35,780.
Source: GAO analysis of agency data.
[End of figure]
Of the four components whose backlogs increased, three had increases
in requests received. USCIS had the largest increase, a 62 percent
rise in requests received, from 71,429 in 2009 to 115,545 in 2011.
Officials of half of the components in our review identified an
increase in requests that are identified as complex as a challenge.
Two of the four components with increases--Navy and OIP--cited higher
numbers of complex requests as contributing to the increase in their
backlogs. Without sustaining the actions they have taken, the agency
components risk endangering the progress they have made in reducing
their backlogs and limit the potential for future progress in this
area.
Agencies Have Taken Steps to Reduce their Use of Exemptions, but
Results Are Mixed:
Recent policy and decisions direct agencies to release more
information. The Attorney General's March 2009 memorandum instructs
agencies to make discretionary disclosures of information that might
be withheld under an exemption or exemptions if it would cause no harm
to disclose it. The mechanism by which this is carried out is called a
"foreseeable harm" analysis. The administration has highlighted two
exemptions that offer opportunities for discretionary release.
Specifically, OIP guidance stated that exemption 5 (which includes pre-
decisional documents and attorney work products), provides the best
opportunity for increasing the release of information. In addition,
the President's 2011 open government report[Footnote 21] described the
potential for reduced use of exemption 2. Further, in March 2011, the
Supreme Court, in Milner vs. Navy, substantially narrowed the
information to which exemption 2 could be applied. [Footnote 22] Prior
to the Milner decision, agencies used a "high two" interpretation that
allowed them to withhold predominately internal information if
disclosing it could lead to circumvention of the law. The Supreme
Court held that this interpretation was invalid and that exemption 2
applies only to personnel practices.
Components in our review took a number of actions aimed at reducing
the use of exemptions through discretionary disclosures:
* Training. All 16 of the agency components we studied provided
training to their FOIA staff on the Attorney General's memorandum and
the presumption of openness. In addition, OIP regularly conducts
training dealing with openness and makes training materials available
on its website. The FBI has a structured training process, which
includes modules dedicated to specific exemptions and mandatory exams
and leads to certification as an FBI "FOIA Professional."
* Foreseeable harm analyses. Agency components took steps to
facilitate foreseeable harm analyses as called for by the Attorney
General. For example, EOIR applied the foreseeable harm test to
maximize the amount of deliberative process information posted online
as part of an online tool for judges. Further, DHS/Privacy modified
the form used to transmit documents responsive to a request, so that
each office must now certify that a foreseeable harm review and
analysis has been completed for all withheld and partially withheld
records. The Army Corps of Engineers and EOIR provided training
specifically focused on foreseeable harm analysis.
* Reviews. Multiple components subjected exemptions to reviews by
senior staff or attorneys before releasing them to verify that there
was foreseeable harm. For example, the FBI's FOIA process included a
quality control review process, where higher-ranking analysts (GS-13
and 14) review the responsible analysts' use of exemptions as well as
the potential release of sensitive information. At OSD/JS, the Chief
of the OSD/JS FOIA Requester Service Center reviewed all denials under
exemption 5 and sent back those that were not adequately justified.
* Compliance with the Milner decision. All but one agency component we
reviewed either reduced its use of exemption 2 as a result of the
Milner decision, or used it in a small number of cases. CBP and USCIS
both reduced the number of times exemption 2 was used in 2011 to fewer
than half of their 2009 levels. Examples of actions components took to
facilitate compliance included OIP's issuance of guidance on Milner
and training developed by ICE.
* Distributing guidance. To encourage compliance with the new FOIA
policies, OIP issued government-wide guidance on the presumption of
openness and on exemptions 2 and 5. Other agencies and components
distributed the Attorney General's memorandum and other guidance. DOD
and DHS both issued guidance applicable to all of their agency
components.
About half of the agency components we studied reduced the rate at
which they applied exemptions to FOIA requests. Specifically, during
the 2009-2011 time period:
* Seven of the agency components in our review--USCIS, CBP, OIP, FBI,
ICE, Army, and OSD/JS--reduced the average number of exemptions they
applied per request. The 3 largest users of exemptions--USCIS, CBP,
and ICE--which accounted for 83 percent of all exemptions in our
review in 2011, all had reductions.
* Three components--EOIR, FDA, and NIH--stayed at about the same level
of exemption use.[Footnote 23]
* Six components--Navy, BOP, CMS, Air Force, HHS/OS, and DHS/Privacy--
increased their average number of exemptions per request. [Footnote 24]
* Most components made progress in reducing the use of exemptions 2
and 5. The use of exemption 5, cited by OIP as providing the best
opportunity for discretionary releases, decreased for 11 of the 16 of
components, while 12 of 16 agency components reduced the use of
exemption 2 following the Milner decision.
Figure 4 shows the changes in the average number of exemptions applied
per request[Footnote 25] from 2009, when the Attorney General's
memorandum was issued, to 2011.
Figure 4: Exemption Use by Agency Components from 2009 through 2011:
[Refer to PDF for image: vertical bar graph]
Number of exemptions per request:
Decrease in use of exemptions 2009-2011:
Agency: USCIS;
2009: 3.24;
2010: 2.99;
2011: 2.58.
Agency: CBP;
2009: 2.72;
2010: 2.97;
2011: 2.2.
Agency: DOJ OIP;
2009: 0.9;
2010: 0.7;
2011: 0.62.
Agency: FBI;
2009: 3.63;
2010: 3.59;
2011: 3.38.
Agency: ICE;
2009: 2.35;
2010: 2.37;
2011: 2.21.
Agency: Army;
2009: 0.64;
2010: 0.65;
2011: 0.6.
Agency: DOD/OSD;
2009: 1.2;
2010: 1.21;
2011: 1.16.
No significant change:
Agency: EOIR;
2009: 0.02;
2010: 0.03;
2011: 0.02.
Agency: FDA;
2009: 0.04;
2010: 0.04;
2011: 0.05.
Agency: NIH;
2009: 0.12;
2010: 0.12;
2011: 0.13.
Increase in use of exemptions 2009-2011:
Agency: Navy;
2009: 0.69;
2010: 0.81;
2011: 0.74.
Agency: BOP;
2009: 0.26;
2010: 0.33;
2011: 0.33.
Agency: DHS/Priv;
2009: 1.52;
2010: 1.62;
2011: 1.59.
Agency: CMS;
2009: 0.05;
2010: 0.25;
2011: 0.13.
Agency: AF;
2009: 0.62;
2010: 0.83;
2011: 0.83.
Agency: HHS/OS;
2009: 1.01;
2010: 1.44;
2011: 1.29.
Source: GAO analysis of agency data.
This figure is calculated based on requests that were granted in full,
partially granted, or denied and does not include requests denied for
reasons other than exemptions.
[End of figure]
Although components have acted to reduce the use of exemptions, a
component's ability to do so can be limited because not all of the
exemptions are equally discretionary. While agencies may, under the
law, make discretionary disclosures of exempt information where they
are not otherwise prohibited from doing so, some of the exemptions
apply to categories of information that are more strictly controlled
than others. For example, exemption 1 protects from disclosure
properly classified national security information, exemption 3 applies
to information that has been exempted from disclosure by another law,
exemption 6 protects privacy interests in personal information, and
exemption 7 applies to certain information compiled for law
enforcement purposes. Exemptions 6 and 7 are the exemptions most
frequently used by the components we studied and accounted for more
than half of all exemptions reported in 2011 by those components. For
all but one component, exemption 6 (privacy) was the most frequently
used and it amounted to about 90 percent of CMS's exemptions.
Exemption 7 was also frequently used by agency components with law
enforcement responsibilities. Accordingly, given the role played by
such information in the work of the components in our study, it is
unlikely that they will significantly reduce the use of those more
strict exemptions. For example, the Air Force cited an increase in
interest in congressional travel, which required redactions for
privacy and an increased use of exemption 6, and the FBI cited more
requests for terrorism-related information, leading to an increase in
use of exemption 7 to protect sensitive law enforcement information.
Notwithstanding the impact of such exemptions, overall reductions in
exemption use generally reflect an increase in discretionary
disclosures across the components in our study.
Agency Components Generally Make Records Available Online, but
Approaches to Posting Frequently Requested Records Vary:
As previously discussed, the e-FOIA amendments encourage online,
public access to government information and require agencies to make
specific types of records available to the public in electronic form:
agency final opinions and orders, statements of policy, administrative
staff manuals, and frequently requested records. In addition,
memorandums from both the President and the Attorney General in 2009
highlight the importance of online disclosure and further direct
agencies to make information available without a specific FOIA request.
As a result of deficiencies in agencies' FOIA libraries noted by the
Attorney General in 2008,[Footnote 26] OIP issued guidance to all
Chief FOIA Officers to certify that they were in compliance with
FOIA's requirements for posting certain categories of records online.
In this guidance, OIP reiterated that "agencies should organize the
records in a way that allows for efficient and easy location of
specific documents," and that "agencies are obligated to not only
maintain, but to continuously update, each of the four categories of
reading room records."
Most of the agency components we reviewed have made records available
online in the four categories of required records, either in their
FOIA library or elsewhere on the agency component's website.
Specifically, 12 of the 16 agency components we reviewed had posted
records in all four of the required categories to their FOIA
libraries. In addition, 3 of the 16 agency components we reviewed had
posted records in all four of the required categories in either their
FOIA library or elsewhere on the agency component's website.[Footnote
27] The remaining agency component had posted records to its FOIA
library in only two of the required categories; we could not locate
records in the other two categories either in its FOIA library or on
the agency component's website. Table 1 summarizes the extent to which
the agency components we reviewed made:
Table 1: Agency Information Required to be Posted Online Pursuant to
the e-FOIA Amendments:
Categories of required records: Agency final opinions;
DOD:
OSD: Required information is available in FOIA library;
AF: Required information is available in FOIA library;
Army: Required information is available in FOIA library;
Navy: Required information is not available in FOIA library but was
found on agency component's website (located through independent
search);
DHS:
Priv: Category exists in FOIA library, but required information was
not posted and was not found elsewhere;
CBP: Required information is available in FOIA library;
ICE: n/a;
USCIS: Required information is not available in FOIA library but was
found on agency component's website (located through independent
search);
HHS:
OS: Required information is available in FOIA library;
CMS: Required information is available in FOIA library;
FDA: Required information is available in FOIA library;
NIH: n/a;
Justice:
OIP: Required information is available in FOIA library;
BOP: n/a;
EOIR: Required information is available in FOIA library;
FBI: n/a.
Categories of required records: Policy statements/interpretation;
DOD:
OSD: Required information is available in FOIA library;
AF: Required information is available in FOIA library;
Army: Required information is available in FOIA library;
Navy: Required information is available in FOIA library;
DHS:
Priv: Required information is available in FOIA library;
CBP: Required information is available in FOIA library;
ICE: Required information is available in FOIA library;
USCIS: Required information is available in FOIA library;
HHS:
OS: Required information is available in FOIA library;
CMS: Required information is available in FOIA library;
FDA: Required information is available in FOIA library;
NIH: Required information is available in FOIA library;
Justice:
OIP: Required information is available in FOIA library;
BOP: Required information is available in FOIA library;
EOIR: Required information is available in FOIA library;
FBI: Required information is available in FOIA library.
Categories of required records: Administrative staff manuals;
DOD:
OSD: Required information is available in FOIA library;
AF: Required information is available in FOIA library;
Army: Required information is available in FOIA library;
Navy: Required information is not available in FOIA library but was
found on agency component's website (located through independent
search);
DHS:
Priv: Category exists in FOIA library, but required information was
not posted and was not found elsewhere;
CBP: Required information is available in FOIA library;
ICE: Required information is available in FOIA library;
USCIS: Required information is not available in FOIA library but was
found on agency component's website (located through independent
search);
HHS:
OS: Required information is available in FOIA library;
CMS: Required information is available in FOIA library;
FDA: Required information is available in FOIA library;
NIH: Required information is not available in FOIA library but was
found on agency component's website (located through independent
search);
Justice:
OIP: Required information is available in FOIA library;
BOP: Required information is available in FOIA library;
EOIR: Required information is available in FOIA library;
FBI: Required information is available in FOIA library;
Categories of required records: Frequently requested records;
DOD:
OSD: Required information is available in FOIA library;
AF: Required information is available in FOIA library;
Army: Required information is available in FOIA library;
Navy: Required information is available in FOIA library;
DHS:
Priv: Required information is available in FOIA library;
CBP: Required information is available in FOIA library;
ICE: Required information is available in FOIA library;
USCIS: Required information is available in FOIA library;
HHS:
OS: Required information is available in FOIA library;
CMS: Required information is available in FOIA library;
FDA: Required information is available in FOIA library;
NIH: Required information is available in FOIA library;
Justice:
OIP: Required information is available in FOIA library;
BOP: Required information is available in FOIA library;
EOIR: Required information is available in FOIA library;
FBI: Required information is available in FOIA library.
Source: GAO analysis of agency data.
Notes:
n/a: Not applicable--agency component stated that it does not
adjudicate cases.
[End of table]
Specifically, DHS/Privacy's FOIA library listed all of the categories
of required records, but at the time of our review, no records were
posted in two of the categories: final opinions and manuals. According
to an agency official, DHS/Privacy is in the process of redesigning
its FOIA library and plans to address the issue in the next few months.
Although we were able to locate required records in most of the agency
components' FOIA libraries, we could not always easily locate records
when they were posted elsewhere on the agency components' websites.
For example, the components often did not provide links to required
documents if they were maintained by an external office, such as the
General Counsel's office for agency final opinions.[Footnote 28] In
addition, not all components generate records in each required
category, and they did not explain the absence of this information
from their FOIA libraries. Specifically, we found that:
* The USCIS FOIA library listed the four categories of records
required under e-FOIA, but only provided a link to policy statements
and memorandums in a "related links" sidebar. Although we were able to
locate final opinions and staff manuals elsewhere on the USCIS website
through an independent search, the FOIA library did not indicate that
these records were available elsewhere. A USCIS FOIA official stated
that the agency intends to launch a redesigned FOIA library by the end
of June 2012.
* Navy's FOIA library included, among other things, a number of policy
memorandums; however, it did not include documents or external links
to final opinions or staff manuals. An independent search of the
Navy's website showed that Navy's final opinions were managed on a
separate website maintained by the Navy Judge Advocate General and
that staff manuals, directives, and other Navy publications could be
found on a website maintained by the Secretary of the Navy.
* The NIH FOIA library contained, among other things, frequently
requested records, but we could not locate documents or external links
related to NIH final opinions or staff manuals. An NIH official stated
that the agency component does not issue final opinions. Through an
independent search, we identified NIH manuals in a central database
maintained by NIH's Office of Management Assessment. However, the
existence of this required information was not made clear in the FOIA
library; there is only a statement that encourages potential FOIA
requesters to use the NIH search engine to locate information.
* ICE's FOIA library included policy statements, staff manuals, and
frequently requested records. However, we could not locate records
related to agency final opinions, either in the FOIA library or
elsewhere on ICE's website. ICE's FOIA Officer stated that the agency
does not issue final opinions and therefore has no records to post. In
response to our assessment, ICE has posted information to its FOIA
library stating that final opinions related to immigration cases are
handled by EOIR.
* The FBI's main FOIA web page acknowledged that the agency is
required to make certain categories of records available in its FOIA
library; it also stated that there were no records available in two
categories: agency policy statements and final opinions. However,
during our review, we were able to locate one policy statement posted
in the FOIA library. FBI's Section Chief, Records Management, stated
that the FBI does not issue agency final opinions. In response to our
assessment, FBI has updated its main FOIA webpage to provide a link to
relevant policies that are available online.
Agency Components Have Taken Varied Approaches to Identifying
Frequently Requested Records:
As noted in table 1, all of the agency components in our review have
met the requirement for posting frequently requested records to their
FOIA libraries: that is, records that have become or are likely to
become of significant interest to the public. In addition, we found
that agency components have taken a variety of approaches to identify
and manage frequently requested records. This has resulted in
differences among agency components in the type and volume of
frequently requested records that have been made available to the
public.
During our review, we identified several agency components whose
proactive efforts to release records--through the use of formal
policies and procedures, technology improvements, and management
initiatives to release more information--have resulted in
comprehensive FOIA libraries. For example,
* Air Force has established a formal policy to post all records
released under FOIA to its FOIA library, with the exception of records
that include personally identifiable information. An Air Force
official stated that as a result of this policy, the Air Force
continuously reviews and updates the contents of its FOIA library,
which contained 5,211 records in 41 subject categories, as of June
2012. These categories range from Air Force contracts to radar data to
information on congressional travel. Records are managed in an online
searchable database, and the public can locate records by name,
category, or date posted.
* OSD/JS has implemented a procedure to post all records released
under FOIA to its FOIA library.[Footnote 29] An OSD/JS official stated
that the office has a team dedicated to managing postings to the FOIA
library, and, in addition to releasing all FOIA-processed records, it
also proactively releases FOIA logs[Footnote 30] and inventories of
OSD/JS records stored at the Washington National Records Center.
OSD/JS officials reported in June 2012 that the library contained
about 3,700 records in eight subject categories and includes, for
example, documents related to homeland defense, U.S. foreign policy,
and defense research projects. In addition, OSD/JS maintains a
directory of frequently requested documents in 10 categories,
including, for example, historical and current contracts for eight DOD
components.[Footnote 31] OSD/JS also offers a service of providing e-
mail notifications to subscribers when new records are posted to the
FOIA library.
* As of June 2012, FBI's FOIA library, the Vault, contained 6,656
records in 20 subject categories, such as current events, organized
crime, and civil rights. The Vault contains historical FBI
investigation files and internal memorandums on a variety of topics
and individuals, as well as media coverage files, images, and video.
FBI's Section Chief, Records Management stated that after establishing
the Vault, FBI worked with Google to optimize the site's search
capabilities. In addition, the agency recently implemented technology
improvements to the Vault that will help them continue to expand the
number of records available and allow the public to more easily view
and search within files online. FBI also provides e-mail updates to
subscribers when new information is posted to its website.
* In 2011, CMS redesigned its FOIA library to make it easier for the
public to locate information that was already available online through
the efforts of various CMS components. Specifically, CMS has created
an A to Z subject index of frequently requested information that
currently contains 88 subject area categories. These include tools to
compare data on hospitals, nursing homes, and Medicare plans; data
sets and statistics on Medicaid; and various fee schedules. CMS's FOIA
library also provides access to an online tool for downloading
personal Medicare claims, their most common FOIA request.[Footnote 32]
In addition, since 2011, CMS has required the directors of its centers
and program offices to identify semi-annually at least three
categories of frequently requested information to add to the A to Z
subject index.
* FOIA processing at FDA is decentralized across seven major centers,
and each of these centers is responsible for identifying and posting
frequently requested records to its FOIA library. FDA has broad
initiatives to release information proactively online, and FDA's FOIA
director estimated that the agency has posted about 360,000 documents
and 66 searchable databases to its website.[Footnote 33] In addition,
FDA's FOIA director noted that FDA has seen a steady reduction in the
number of FOIA requests it has received over the last eleven years: in
2000 FDA received about 25,000 requests, and in 2011 it received 9,301
requests. He stated that this reduction is a direct result of their
extensive online library and commitment to proactively releasing
information.
By contrast, our review of FOIA libraries also identified several
agency components that have not taken sufficient action to identify
and manage frequently requested records. As a result, these agency
components may not be posting all records of significant public
interest online. Specifically,
* Army's FOIA library has been clearly organized by the four required
categories of records established by e-FOIA and includes 23 topic
headings in the frequently requested records section. However, at the
time of our review, several of these categories did not contain
records, and several categories contained only one record.[Footnote
34] In addition, the frequently requested topic headings posted online
were different from those generated by the Army's FOIA IT system that
were provided to us and which we were told were used to manage online
releases. Further, according to results from the FOIA library's search
engine, the most current document posted dates to June 2, 2011--over a
year ago.[Footnote 35] An Army official stated that Army defers to its
300 components to identify and provide copies of records appropriate
for release in the library. In addition, Army typically reviews the
content of its FOIA library only once a year.
* During our review, we found that the Navy's FOIA library contained
few frequently requested records. It consisted primarily of the Navy's
purchase card holder list, five documents related to the department's
use of depleted uranium, and a fact sheet on UFOs. The Navy has also
posted a document with a list of "Top 10 Topics" that provides general
instructions on how to request certain types of information such as
military or investigation records. An official from Navy's FOIA office
stated that the staff reviews the FOIA library quarterly, but they
have not developed policies or procedures to actively identify and
manage frequently requested records. She further noted that
restrictions on server space also limit the office's ability to post
documents to its FOIA library.
* During our review, the USCIS FOIA library consisted of six
frequently requested records: the USCIS FOIA logs, which are updated
monthly; two internal memorandums; John Lennon's alien file, which is
broken into 84 separate documents; a collection of eight documents
related to USCIS's Immigrant Investor Program; and a reference guide
for an IT system. In a separate area of its website, USCIS also listed
its contracts, as was required by DHS's Chief FOIA Officer in 2009.
[Footnote 36] However, we identified only five contracts that were
awarded between July 2003 and October 2009. During a March 2012
interview, agency officials acknowledged these deficiencies and stated
that they were working to redesign their FOIA library. In June 2012, a
USCIS FOIA official stated that the agency plans to launch a new FOIA
library by August 2012.
A number of factors have contributed to the differences in agency
components' ability to post frequently requested records to their FOIA
libraries. Some agencies do not disclose as many records to the public
due to the types of FOIA requests they receive. Specifically,
officials at 7 of the 16 agency components we reviewed stated that the
majority of their FOIA requests are for records about the requesters
themselves, such as prison records, immigration files, or personal
medical information. These types of records are rarely requested
multiple times, and as a result, the agency components may find they
have fewer frequently requested records appropriate for release in
their FOIA library. However, the strongest indicator among the agency
components with comprehensive FOIA libraries is that they have taken a
proactive approach to ensuring that records of significant public
interest are posted online. These agency components, for example, have
established policies and procedures to identify records, continuously
review their FOIA library to ensure that content is current, or have
aligned their FOIA-related efforts with the agency's broader
initiatives to release information online. As a result, these agency
components have established comprehensive FOIA libraries. Furthermore,
as described by one agency component, this commitment to consistently
releasing information online has contributed to a decrease in the
number of new requests over time. Those agency components with
sparsely populated FOIA libraries may not be posting all records of
significant public interest online, or available information may be
difficult to locate. This can result in increased FOIA requests, which
in turn can contribute to increased backlogs and administrative costs.
Agency Components Have Implemented Technology to Support FOIA
Processing to Varying Degrees:
Agency components have implemented technology capabilities to support
FOIA processing. However, the extent to which they have implemented
capabilities that are considered to be best practices varies. Also,
most agency components use FOIA processing systems that do not
electronically exchange data.
Agency Components Have Systems to Process and Track FOIA Requests, but
Implementation of Additional Capabilities Varies:
Almost all agency components that we reviewed (15 of the 16) are
implementing most of the 13 technology capabilities considered to be
best practices for FOIA processing.[Footnote 37] Table 2 summarizes
the agency components' implementation of best practices capabilities.
Table 2: Detailed View of Agency Components' Implementation of FOIA
Capabilities:
Technology capabilities: Single tracking system;
DOD:
OSD: Capability is currently implemented;
AF: Capability is currently implemented;
Army: Capability is currently implemented;
Navy: Capability is partially implemented;
DHS:
Priv: Capability is currently implemented;
CBP: Capability is currently implemented;
ICE: Capability is currently implemented;
USCIS: Capability is currently implemented;
HHS:
OS: Capability is currently implemented;
CMS: Capability is partially implemented;
FDA: Capability is currently implemented;
NIH: Capability is currently implemented;
Justice:
OIP: Capability is currently implemented;
BOP: Capability is currently implemented;
EOIR: Capability is currently implemented;
FBI: Capability is currently implemented.
Technology capabilities: Accept request online;
DOD:
OSD: Capability is currently implemented;
AF: Capability is currently implemented;
Army: Capability is currently implemented;
Navy: Capability is currently implemented;
DHS:
Priv: Capability is currently implemented;
CBP: Capability is currently implemented;
ICE: Capability is currently implemented;
USCIS: Capability is currently implemented;
HHS:
OS: Capability is currently implemented;
CMS: Capability is currently implemented;
FDA: Capability is currently implemented;
NIH: Capability is currently implemented;
Justice:
OIP: Capability is currently implemented;
BOP: Capability is currently implemented;
EOIR: Capability is currently implemented;
FBI: Capability is currently implemented.
Technology capabilities: Assign request tracking number and track
status;
DOD:
OSD: Capability is currently implemented;
AF: Capability is currently implemented;
Army: Capability is currently implemented;
Navy: Capability is currently implemented;
DHS:
Priv: Capability is currently implemented;
CBP: Capability is currently implemented;
ICE: Capability is currently implemented;
USCIS: Capability is currently implemented;
HHS:
OS: Capability is currently implemented;
CMS: Capability is currently implemented;
FDA: Capability is currently implemented;
NIH: Capability is currently implemented;
Justice:
OIP: Capability is currently implemented;
BOP: Capability is currently implemented;
EOIR: Capability is currently implemented;
FBI: Capability is currently implemented.
Technology capabilities: Route request to responsible office;
DOD:
OSD: Capability is currently implemented;
AF: Capability is currently implemented;
Army: Capability is currently implemented;
Navy: Capability is partially implemented;
DHS:
Priv: Capability is currently implemented;
CBP: Capability is currently implemented;
ICE: Capability is currently implemented;
USCIS: Capability is currently implemented;
HHS:
OS: Capability is currently implemented;
CMS: Capability is currently implemented;
FDA: Capability is currently implemented;
NIH: Capability is currently implemented;
Justice:
OIP: Capability is currently implemented;
BOP: Capability is currently implemented;
EOIR: Capability is currently implemented;
FBI: Capability is currently implemented.
Technology capabilities: Ability to multitrack requests (simple,
complex, expedited);
DOD:
OSD: Capability is currently implemented;
AF: Capability is currently implemented;
Army: Capability is currently implemented;
Navy: Capability is partially implemented;
DHS:
Priv: Capability is currently implemented;
CBP: Capability is currently implemented;
ICE: Capability is currently implemented;
USCIS: Capability is currently implemented;
HHS:
OS: Capability is currently implemented;
CMS: Capability is currently implemented;
FDA: Capability is currently implemented;
NIH: Capability is currently implemented;
Justice:
OIP: Capability is currently implemented;
BOP: Capability is currently implemented;
EOIR: Capability is currently implemented;
FBI: Capability is currently implemented.
Technology capabilities: Store and route electronic records;
DOD:
OSD: Capability is currently implemented;
AF: Capability is currently implemented;
Army: Capability is partially implemented;
Navy: Capability is not implemented;
DHS:
Priv: Capability is not implemented;
CBP: Capability is not implemented;
ICE: Capability is not implemented;
USCIS: Capability is currently implemented;
HHS:
OS: Capability is currently implemented;
CMS: Capability is currently implemented;
FDA: Capability is currently implemented;
NIH: Capability is not implemented;
Justice:
OIP: Capability is currently implemented;
BOP: Capability is currently implemented;
EOIR: Capability is currently implemented;
FBI: Capability is currently implemented.
Technology capabilities: Electronic redaction capabilities;
DOD:
OSD: Capability is currently implemented;
AF: Capability is currently implemented;
Army: Capability is currently implemented;
Navy: Capability is currently implemented;
DHS:
Priv: Capability is currently implemented;
CBP: Capability is currently implemented;
ICE: Capability is currently implemented;
USCIS: Capability is currently implemented;
HHS:
OS: Capability is currently implemented;
CMS: Capability is currently implemented;
FDA: Capability is currently implemented;
NIH: Capability is currently implemented;
Justice:
OIP: Capability is currently implemented;
BOP: Capability is currently implemented;
EOIR: Capability is currently implemented;
FBI: Capability is currently implemented.
Technology capabilities: Calculate and record processing fees;
DOD:
OSD: Capability is currently implemented;
AF: Capability is currently implemented;
Army: Capability is currently implemented;
Navy: Capability is currently implemented;
DHS:
Priv: Capability is not implemented;
CBP: Capability is currently implemented;
ICE: Capability is currently implemented;
USCIS: Capability is currently implemented;
HHS:
OS: Capability is currently implemented;
CMS: Capability is currently implemented;
FDA: Capability is currently implemented;
NIH: Capability is currently implemented;
Justice:
OIP: Capability is currently implemented;
BOP: Capability is currently implemented;
EOIR: Capability is currently implemented;
FBI: Capability is currently implemented.
Technology capabilities: Review the case file to approve redactions
and fee calculations;
DOD:
OSD: Capability is currently implemented;
AF: Capability is currently implemented;
Army: Capability is partially implemented;
Navy: Capability is not implemented;
DHS:
Priv: Capability is not implemented;
CBP: Capability is not implemented;
ICE: Capability is currently implemented;
USCIS: Capability is currently implemented;
HHS:
OS: Capability is currently implemented;
CMS: Capability is currently implemented;
FDA: Capability is currently implemented;
NIH: Capability is not implemented;
Justice:
OIP: Capability is currently implemented;
BOP: Capability is currently implemented;
EOIR: Capability is currently implemented;
FBI: Capability is currently implemented.
Technology capabilities: System-generated correspondence with
requesters;
DOD:
OSD: Capability is currently implemented;
AF: Capability is currently implemented;
Army: Capability is currently implemented;
Navy: Capability is partially implemented;
DHS:
Priv: Capability is not implemented;
CBP: Capability is not implemented;
ICE: Capability is currently implemented;
USCIS: Capability is currently implemented;
HHS:
OS: Capability is currently implemented;
CMS: Capability is currently implemented;
FDA: Capability is currently implemented;
NIH: Capability is currently implemented;
Justice:
OIP: Capability is currently implemented;
BOP: Capability is currently implemented;
EOIR: Capability is currently implemented;
FBI: Capability is currently implemented.
Technology capabilities: Requester's ability to track status online;
DOD:
OSD: Capability is not implemented;
AF: Capability is currently implemented;
Army: Capability is not implemented;
Navy: Capability is not implemented;
DHS:
Priv: Capability is not implemented;
CBP: Capability is not implemented;
ICE: Capability is currently implemented;
USCIS: Capability is currently implemented;
HHS:
OS: Capability is not implemented;
CMS: Capability is currently implemented;
FDA: Capability is not implemented;
NIH: Capability is not implemented;
Justice:
OIP: Capability is currently implemented;
BOP: Capability is not implemented;
EOIR: Capability is not implemented;
FBI: Capability is currently implemented.
Technology capabilities: Track appeals electronically;
DOD:
OSD: Capability is currently implemented;
AF: Capability is currently implemented;
Army: Capability is currently implemented;
Navy: Capability is currently implemented;
DHS:
Priv: Capability is currently implemented;
CBP: Capability is currently implemented;
ICE: Capability is currently implemented;
USCIS: Capability is currently implemented;
HHS:
OS: Capability is currently implemented;
CMS: Capability is currently implemented;
FDA: Capability is currently implemented;
NIH: Capability is currently implemented;
Justice:
OIP: Capability is currently implemented;
BOP: Capability is currently implemented;
EOIR: Capability is currently implemented;
FBI: Capability is currently implemented.
Technology capabilities: Generate periodic report statistics;
DOD:
OSD: Capability is currently implemented;
AF: Capability is currently implemented;
Army: Capability is currently implemented;
Navy: Capability is partially implemented;
DHS:
Priv: Capability is currently implemented;
CBP: Capability is currently implemented;
ICE: Capability is currently implemented;
USCIS: Capability is currently implemented;
HHS:
OS: Capability is currently implemented;
CMS: Capability is partially implemented;
FDA: Capability is currently implemented;
NIH: Capability is currently implemented;
Justice:
OIP: Capability is currently implemented;
BOP: Capability is currently implemented;
EOIR: Capability is currently implemented;
FBI: Capability is currently implemented.
Source: GAO analysis of agency data.
[End of table]
As the table reflects, 4 of the 16 agency components have implemented
all of the technology capabilities for processing and tracking FOIA
requests. Specifically, the Air Force, USCIS, OIP, and FBI use a
single tracking system that enables agency officials to track the
status of the request; store, route, and redact responsive records;
and review the case file to approve redactions and fee calculations
electronically. These agency components are also able to generate
annual reports and monthly backlog statistics. Further, these
components have implemented capabilities that enable requesters to
submit a request through an online form or e-mail and track the status
of their request online.
Five agency components have implemented all of these capabilities
except the one that allows requesters to track the status of their
FOIA request online. The reasons why they have not implemented this
capability include the following:
* OSD/JS officials stated that they have not implemented this
capability because their tracking system is located on a classified
network. Although OSD/JS has developed an application that will link
to its tracking system and will allow a requester to track his or her
request online, it is in the process of ensuring that the appropriate
security measures have been put in place before the application is
available. OSD/JS intends to have this capability implemented by
October 2012.
* HHS reported that two of its components--OS and FDA--have not yet
implemented the capability that allows a requester to track the status
of a request online. HHS/OS officials could not provide a time frame
for when this activity would be completed and stated that their FOIA
website encourages requesters to contact FOIA personnel, through phone
or e-mail, regarding the status of their request, which allows them to
clarify any misunderstanding regarding it. FDA officials stated that
because of the component's decentralization, and the complexity and
volume of records, it is more productive to discuss requests directly
with the requester via telephone.
* At Justice, BOP officials indicated that they intend to have this
capability implemented by October 2012.
Additionally, ICE has implemented all of the capabilities but the one
associated with enabling agency officials to store and route
electronic records. According to ICE officials, their tracking system
would not be suitable for storing and routing electronic records and
reviewing and approving the electronic case file because the system
was not designed to handle these capabilities and would run extremely
slowly when tracking a FOIA request. ICE officials stated that they
are currently in the process of researching systems that will provide
these capabilities.
CMS has implemented all but two capabilities. Specifically, it has not
fully implemented a single tracking system or the capability to
generate periodic report statistics, such as monthly backlog and
annual report data. According to CMS officials, while they can track
most FOIA cases through their tracking system, contractors do not have
access to the system and, instead, track their cases using Microsoft
Access, Excel, or other tools. CMS cited challenges in compiling the
annual report because it has to use these multiple contractor systems
to compile data for the report. Officials stated that they intend to
deploy a single tracking system to 21 contractors that handle Medicare
administration by the end of fiscal year 2012.
Army and NIH have implemented all but three capabilities.
Specifically, they have not fully implemented the capabilities that
enable agency officials to store and route electronic records and to
review the case file to approve redactions and fee calculations, or
that allow requesters to track the status of their request online.
Army officials stated that they are currently in the process of
researching systems that will provide these capabilities. In addition,
NIH officials stated that their tracking system does not perform FOIA
workflow processing, such as storing and routing electronic records.
The officials also stated that they are currently in the process of
researching systems that will provide these capabilities.
CBP has implemented all but four capabilities, and DHS/Privacy has
implemented all but five capabilities. CBP and DHS/Privacy have not
implemented the capabilities that enable agency officials to store and
route electronic records, review the case file to approve redactions
and fee calculations, generate system correspondence with requesters,
or allow a requester to track the status of his or her request online.
Further, DHS/Privacy has not implemented a technology capability to
calculate and record processing fees. According to CBP officials, they
are in the process of researching various FOIA systems that have these
capabilities and expect to obligate funds for a tracking system that
includes them by October 2012. DHS/Privacy officials attribute
challenges in implementing the missing technology capabilities to the
fact that, at the time the tracking system was implemented, it
fulfilled the general tracking needs of the office based on a
relatively limited number of requests. However, as the number of
requests has increased and the requests have become more complex, DHS/
Privacy has realized the need for a system that can conduct processing
capabilities, such as storing and routing electronic records. DHS/
Privacy officials stated that the office intends to implement a system
that fulfills the missing technology capabilities by October 2012.
Navy has fully implemented only five capabilities. Specifically, it
has not fully implemented a single tracking system or the capability
to, among other things, multi-track and route requests to the
responsible office and generate periodic report statistics. Navy
officials attributed challenges to implementing the missing technology
capabilities to their reengineering of FOIA processes to identify
areas of inefficiencies and stated that they expect to implement a
departmentwide system that includes the missing technology
capabilities by October 2012.
Although OGIS, in conjunction with the EPA and Department of Commerce,
identified capabilities to enhance FOIA processing, there is not a
requirement for agencies and their components to ensure that their
FOIA systems implement these capabilities. Nevertheless, without
determining which of the capabilities have the potential to improve
their FOIA processing and establishing plans to implement the
capabilities, the agency components are likely missing opportunities
to improve the efficiency with which they process FOIA requests.
Most Agency Components Use FOIA Processing Systems that Do Not
Electronically Exchange Data:
Effective IT management practices encourage agencies to share common
systems to promote interoperability (generally, the ability of systems
to exchange data).[Footnote 38] However, the agency components we
studied within DHS, DOD, HHS, and Justice use FOIA processing systems
that do not electronically exchange data. The use of different systems
can increase the time for an agency component to refer a FOIA request
to another agency or to consult with other components in addressing a
request because they either have to e-mail, mail, or send paper-based
referrals and consultations via courier to other agency components for
processing.[Footnote 39] For example, referrals and consultations
within HHS have to be mailed or e-mailed between its agency
components, including NIH, FDA, and CMS.
Further, OSD/JS officials noted that routing referrals and
consultations among and within its components is not automated among
their existing systems. Consequently, referrals and consultations
within DOD must be mailed or e-mailed between components, including
Air Force, Army, and Navy. According to OSD/JS officials, the
department currently has an initiative under way to address
transferring the documents associated with interagency referrals and
consultations electronically: the Enterprise Referral Process Tool.
DOD developed the tool to support transmitting documents between its
components when there is a need to refer or consult with other FOIA
offices on the disposition of a document requested under FOIA. Instead
of needing to attach voluminous documents within an e-mail, the
documents can be uploaded to an online system and a link to the
location of the documents is provided to the recipient. Department
officials stated that this system is currently being used throughout
DOD. The department has also partnered with OIP and NARA to encourage
other federal agencies to use this system. Nevertheless, while this
system facilitates the exchange of documents associated with a
referral or consultation, it does not address the lack of
interoperability among its components' tracking systems and the fact
that routing referrals and consultations across DOD is not automated
through existing systems.
The inability of agency FOIA processing systems to electronically
exchange data also complicates the compiling of agency annual FOIA
reports. For example, DOD, DHS, and HHS officials reported that they
conduct data calls to their various components to retrieve annual
report data from their various FOIA tracking systems. To address this
situation, DOD is in the process of developing a unified annual report
system that is expected to be used by all DOD components to submit and
compile their annual report data by November 2012. In addition,
according to DHS officials, they are planning to implement a
departmentwide system by October 2013. HHS officials stated that they
could not provide plans or a potential time frame for when this need
will be addressed. Further, according to Navy and CMS officials, these
agency components have encountered similar challenges in compiling
data for the annual report because they have not implemented a single
tracking system and must compile data from their various subcomponent
or contractor systems.
Officials from DHS, DOD, HHS, and Justice attributed the inability of
FOIA processing systems to electronically exchange data to the fact
that there is neither a requirement nor a centralized authority
responsible for ensuring that FOIA tracking systems are interoperable
across and within agency components. They also pointed to the fact
that implementation of FOIA is decentralized and occurs at the agency
component level, instead of the department level, which contributes to
the current environment of different, non-interoperable agency
component tracking systems. Specifically, DOD officials noted that the
classified records in the component FOIA processing systems preclude
them from being interoperable with non-classified systems. Therefore,
classified systems can only be interoperable with other classified
systems. This notwithstanding, without identifying potential
approaches to electronically exchanging data among their systems,
agencies and their components will likely continue to face
difficulties in conducting key FOIA activities, including processing
interagency referrals and electronically compiling their annual
reports.
Conclusions:
The agency components we studied have taken a variety of actions,
subsequent to the Attorney General's March 2009 memorandum, to improve
their FOIA programs. Despite these actions, they have achieved mixed
results with respect to reducing their backlogs and use of exemptions.
Agencies' mixed results with respect to reducing FOIA backlogs and use
of exemptions illustrate the importance of their continuing to take
the actions we identified to sustain progress and realize additional
improvements in these areas.
Agency components are generally making records available to the public
online, either in their FOIA libraries or elsewhere on their agency
websites, although the records may not be easy for the public to
locate. Agency components have employed a variety of approaches,
including frequent content reviews, to proactively manage their
libraries. However, not all agency components are ensuring that
frequently requested records are identified and posted online, which
has resulted in a handful of FOIA libraries with little content and
may lead to recurring FOIA requests for the same information and the
administrative costs of processing them.
While the agency components in our review have implemented FOIA
processing systems that include best practice capabilities to varying
degrees, their systems do not electronically share data.
Implementation of the remaining capabilities and enabling the
electronic exchange of data among FOIA processing systems present
potential opportunities for agencies to improve the efficiency of
their FOIA processing.
Recommendations for Executive Action:
To improve the management of FOIA processing, we recommend that the
Secretaries of DHS, DOD, and HHS and the Attorney General direct their
respective Chief FOIA Officers take the following five actions:
* Ensure that the agency components within their departments, as
needed, take actions--report backlog status, redirect resources,
change procedures, and negotiate to simplify requests--to reduce their
backlogs of FOIA requests.
* Ensure that the agency components within their departments, as
appropriate, conduct training, perform foreseeable harm analyses,
complete reviews, comply with the Milner decision, and distribute
guidance to reduce their use of exemptions.
* Ensure that the agency components within their departments address
the deficiencies in their FOIA libraries by making required categories
of records easier to locate, clearly indicating when records in
required categories do not exist, and expanding the content of FOIA
libraries.
* Evaluate whether the agency components within their departments
could improve the efficiency of their FOIA processing by implementing
each of the technology capabilities that they do not already have.
* Identify and evaluate potential approaches (e.g., enhancements to or
replacement of existing systems) for enabling the electronic exchange
of data between the FOIA processing systems of the agency components
within their departments.
Agency Comments and Our Evaluation:
We received written comments on a draft of this report from the four
agencies to which we made recommendations--DHS, DOD, HHS, and Justice--
and from NARA. In these comments, the four agencies agreed or
generally agreed with our recommendations. In addition, NARA
characterized our report as helpful and said it will greatly assist
OGIS in its review activities. The comments of the agencies are
summarized below:
* The Director of DHS's Departmental GAO-OIG Liaison Office stated
that the department concurred with our recommendations and described
actions DHS has taken or plans to take to address them. For example,
the Director stated that the department is committed to reducing the
backlog of FOIA requests by implementing actions, such as coordinating
and reviewing its components' FOIA processes and detailing FOIA
specialists to components experiencing difficulty in reducing their
backlogs. DHS's comments are reprinted in appendix III.
* The Chief of DOD's Freedom of Information Division stated that the
department concurred with our recommendations and described efforts
underway or planned to address them. Among these actions, the Chief
stated that the department will evaluate the technology gaps
identified by GAO no later than June 30, 2013. The department is also
in the process of forming a technology working group to address
various technology options. DOD's comments are reprinted in appendix
IV.
* HHS's Assistant Secretary for Legislation stated that the department
concurred with our recommendations and described steps taken,
underway, or planned to address them. For example, according to the
Assistant Secretary, HHS FOIA officials attended training sessions
sponsored by Justice and, in turn, provided in-house training to FOIA
analysts on changes in case law and disclosure analysis. Further,
department FOIA officials elicited the support of program staff to
clarify complex program related issues, which enabled the FOIA staff
to complete cases involving complex requests quicker. HHS's comments
are reprinted in appendix V.
* The Director of Justice's Office of Information Policy stated that
the department generally agreed with our recommendations and described
actions that OIP has taken or is taking. Among these actions, the
Director stated that OIP recently designed its FOIA library to make
the information and guidance it provides to the public more user-
friendly and easier to locate. The new FOIA library separates
documents into two functional categories: Operational Documents and
FOIA-processed Documents. In addition, the Director stated that OIP's
website explains to the public that operational documents include
policy statements, staff manuals, final opinions, and orders. The
website also explains that the FOIA-processed documents are those that
have been disclosed in response to a FOIA request and have either been
frequently requested or have been determined to likely be of interest
to the public. The Director added that OIP is working with all of the
department's components to similarly organize their FOIA libraries in
a format that will be useful to the public. Further, OIP plans to
issue additional guidance in the upcoming months on proactive
disclosures and maintenance of FOIA libraries. Justice's comments are
reprinted in appendix VI.
* The Archivist of the United States said that the draft report
highlighted factors that can make a critical difference in the success
of agencies in making records available to the public and pointed out
opportunities for agencies to take advantage of technology to improve
their efficiencies in processing requests. According to the Archivist,
NARA hopes that the FOIA Module, the multi-agency FOIA processing and
tracking system sponsored by NARA, EPA, and Commerce that will launch
on October 1, 2012, will lead the way in providing a shared service
that has the technology capabilities identified by the draft report.
NARA's comments are reprinted in appendix VII.
The agencies also provided technical comments, which we have
incorporated as appropriate.
As agreed with your offices, unless you publicly announce the contents
of this report earlier, we plan no further distribution of this report
until 30 days from the date of this report. At that time, we will send
copies of this report to the Secretaries of Defense, Homeland
Security, and Health and Human Services, the Attorney General,
appropriate congressional committees, and other interested parties. In
addition, the report is available at no charge on the GAO website at
[hyperlink, http://www.gao.gov].
If you or your staff have questions about this report, please contact
me at (202) 512-6304 or melvinv@gao.gov. Contact points for our
Offices of Congressional Relations and Public Affairs may be found on
the last page of this report. Key contributors to this report are
listed in appendix VIII.
Signed by:
Valerie C. Melvin:
Director, Information Management and Technology Resources Issues:
[End of section]
Appendix I: Objectives, Scope, and Methodology:
Our objectives were to determine: (1) What actions have agencies taken
to manage their Freedom of Information Act (FOIA) programs, including
reducing backlogs and the use of exemptions, pursuant to the Attorney
General's 2009 FOIA guidelines, and what have been the results of
these actions? (2) What actions have agencies taken to make records
available to the public by electronic means, pursuant to the e-FOIA
amendments of 1996? (3) To what extent have agencies implemented
technology to support FOIA processing?
To inform our work, we reviewed our prior reports, FOIA and related
legislation, policies and guidance issued by the Attorney General and
the Office of Management and Budget, and best practices compiled by
the National Archives and Records Administration (NARA) and the
Department of Justice (Justice).
To address the objectives, we analyzed published statistics and
documents, such as agency FOIA reports, and conducted interviews with
responsible officials at the four federal agencies that received the
most requests and that collectively received more than 50 percent of
all requests during fiscal year 2010: the Departments of Homeland
Security (DHS), Defense (DOD), Health and Human Services (HHS), and
Justice. Because FOIA processing at these agencies is decentralized to
the agency component level, we analyzed the policies, oversight, and
processing activities of each agency's central FOIA office and of the
three components of each agency that received the most requests, as
described below:
* The DHS agency components are the Privacy Office (DHS/Privacy),
which functions as the department's central FOIA office, in addition
to the U.S. Citizenship and Immigration Service (USCIS), Immigration
and Customs Enforcement (ICE), and U.S. Customs and Border Protection
(CBP).
* The DOD agency components are the Office of the Secretary of Defense
and the Joint Staff (OSD/JS), which processes FOIA requests within the
department's central FOIA office, in addition to the Departments of
the Army, Navy, and Air Force.
* The HHS agency components are the Office of the Secretary (HHS/OS),
which functions as the department's central FOIA office, in addition
to the Centers for Medicare & Medicaid Services (CMS), the Food and
Drug Administration (FDA), and the National Institutes of Health (NIH).
* The Justice agency components are the Office of Information Policy
(OIP), which functions as the department's central FOIA office, in
addition to the Federal Bureau of Investigation (FBI), the Federal
Bureau of Prisons (BOP), and the Executive Office for Immigration
Review (EOIR).
For each agency, the four related agency components collectively
accounted for at least half of FOIA requests received by the parent
agency (at least 90 percent for both DHS and HHS).
To determine what actions agencies have taken to manage their FOIA
programs, including reducing backlogs and the use of exemptions, and
what the results of these actions have been, we examined agencies'
annual FOIA reports for the years 2009 to 2011 and Chief FOIA Officer
reports for the years 2010 to 2012. In particular, we analyzed data on
backlogs and exemptions from FOIA.gov. Specifically, we compared
agency component backlogs over time. We also interviewed officials to
determine external factors affecting backlogs, such as changes in
workload, and to identify specific practices that were helpful in
managing backlogs, as well as challenges. For example, we examined
periodic reports, such as monthly backlog reports by FOIA offices to
management to determine what use agencies and components were making
of quantitative data in managing their backlogs. We also analyzed
statistics on agency components' use of FOIA exemptions from FOIA.gov
and assessed whether agencies were using them less often. We
interviewed agency and component FOIA officials and collected
documentation to determine what specific steps agencies had taken to
reduce the use of exemptions. We reviewed documentation of these
steps, including guidance, training materials, policies, procedures,
plans, and objectives from agencies' central FOIA offices and agency
components. We also interviewed agency officials to determine what
other factors might have influenced the use of exemptions. Our recent
evaluation of FOIA.gov determined that the data on the website are
generally reliable.[Footnote 40]
To determine what agency components are doing to make records
available to the public by electronic means pursuant to the e-FOIA
amendments of 1996, we reviewed the contents of the 16 agency
components' websites for the existence of information required to be
posted online. These reviews were conducted between April and June
2012. First, we attempted to locate the four categories of required
information by starting from the agency component's dedicated FOIA
website; more specifically, the subsection of the FOIA website called
"FOIA library" or "electronic reading room." If an item could not
readily be found in the FOIA library, we attempted to locate the item
elsewhere on the agency component's website by using the search
engine, or by browsing through the different sections of the website
(e.g., we reviewed agency components' Office of General Counsel
websites to look for agency final opinions). During this website
review, we attempted to establish whether or not information
corresponding to a required category was available online; we did not
evaluate the merits or adequacy of the information that was posted.
For each agency component, we determined whether the required
information was:
* available in the agency component FOIA library;
* not available in the agency component FOIA library, but found
elsewhere on the agency component's or agency's website through an
independent search;
* not available in the agency component FOIA library, and not found
elsewhere on the agency component's or agency's website; or:
* not applicable to the particular agency component.
To evaluate the frequently requested records available in agency
components' FOIA libraries, we reviewed OIP guidance on proper
implementation and management of a FOIA library, reviewed agency
policies and procedures for identifying and managing information in
their library, and viewed the contents of the records that had been
posted. We also interviewed officials at agency components to
understand how records are identified and managed within the library,
and how often library contents are reviewed and updated. In addition,
we counted the number of artifacts posted to the library, or used the
library's search engine to locate available records.
To determine the extent to which agencies implemented technology to
support FOIA processing, we assessed the capabilities of agencies'
central offices and their components' tracking systems. We viewed
demonstrations of tracking systems and obtained documentation, such as
user manuals and screen prints. We compared capabilities of these
systems to relevant legislation, policy guidance, and best practices
on improved use of technology (e.g., OPEN Government Act, Attorney
General's March 2009 memorandum, NARA/OGIS best practices). We also
reviewed agency policies and procedures related to using technology to
manage, track, and fulfill requests. We interviewed agency and OGIS
officials for further information on how they use technology to gather
information on agency plans to implement or enhance FOIA processing.
We conducted our work from September 2011 to July 2012 in accordance
with generally accepted government auditing standards. Those standards
require that we plan and perform the audit to obtain sufficient,
appropriate evidence to provide a reasonable basis for our findings
and conclusions based on our audit objectives. We believe that the
evidence obtained provides a reasonable basis for our findings and
conclusions based on our audit objectives.
[End of section]
Appendix II: Freedom of Information Act Exemptions:
The act prescribes nine specific categories of information that are
exempt from disclosure.
Exemption number: (1);
Matters that are exempt from FOIA: (A) Specifically authorized under
criteria established by an Executive Order to be kept secret in the
interest of national defense or foreign policy and (B) are in fact
properly classified pursuant to the Executive Order.
Exemption number: (2);
Matters that are exempt from FOIA: Related solely to the internal
personnel rules and practices of an agency.
Exemption number: (3);
Matters that are exempt from FOIA: Specifically exempted from
disclosure by statute (other than section 552b of this title),
provided that such statute (A) requires that matters be withheld from
the public in such a manner as to leave no discretion on the issue or
(B) establishes particular criteria for withholding or refers to
particular types of matters to be withheld.
Exemption number: (4);
Matters that are exempt from FOIA: Trade secrets and commercial or
financial information obtained from a person and privileged or
confidential.
Exemption number: (5);
Matters that are exempt from FOIA: Interagency or intra-agency
memorandums or letters that would not be available by law to a party
other than an agency in litigation with the agency.
Exemption number: (6);
Matters that are exempt from FOIA: Personnel and medical files and
similar files the disclosure of which would constitute a clearly
unwarranted invasion of personal privacy.
Exemption number: (7);
Matters that are exempt from FOIA: Records or information compiled for
law enforcement purposes, but only to the extent that the production
of such law enforcement records or information...
Exemption number: (7)(A);
Matters that are exempt from FOIA: Records or information compiled for
law enforcement purposes, but only to the extent that the production
of such law enforcement records or information could reasonably be
expected to interfere with enforcement proceedings.
Exemption number: (7)(B);
Matters that are exempt from FOIA: Records or information compiled for
law enforcement purposes, but only to the extent that the production
of such law enforcement records or information would deprive a person
of a right to a fair trial or impartial adjudication.
Exemption number: (7)(C);
Matters that are exempt from FOIA: Records or information compiled for
law enforcement purposes, but only to the extent that the production
of such law enforcement records or information could reasonably be
expected to constitute an unwarranted invasion of personal privacy.
Exemption number: (7)(D);
Matters that are exempt from FOIA: Records or information compiled for
law enforcement purposes, but only to the extent that the production
of such law enforcement records or information could reasonably be
expected to disclose the identity of a confidential source, including
a state, local, or foreign agency or authority or any private
institution which furnished information on a confidential basis, and,
in the case of a record or information compiled by a criminal law
enforcement authority in the course of a criminal investigation or by
an agency conducting a lawful national security intelligence
investigation, information furnished by confidential source.
Exemption number: (7)(E);
Matters that are exempt from FOIA: Records or information compiled for
law enforcement purposes, but only to the extent that the production
of such law enforcement records or information would disclose
techniques and procedures for law enforcement investigations or
prosecutions, or would disclose guidelines for law enforcement
investigations or prosecutions if such disclosure could reasonably be
expected to risk circumvention of the law;
or.
Exemption number: (7)(F);
Matters that are exempt from FOIA: Records or information compiled for
law enforcement purposes, but only to the extent that the production
of such law enforcement records or information could reasonably be
expected to endanger the life or physical safety of an individual.
Exemption number: (8);
Matters that are exempt from FOIA: Contained in or related to
examination, operating, or condition of reports prepared by, on behalf
of, or for the use of an agency responsible for the regulation of
supervision of financial institutions.
Exemption number: (9);
Matters that are exempt from FOIA: Geological and geophysical
information and data, including maps, concerning wells.
Source: 5 U.S.C. § 552(b)(1) through (b)(9).
[End of table]
[End of section]
Appendix III: Comments from the Department of Homeland Security:
U.S. Department of Homeland Security:
Washington, D.C. 20525:
July 20, 2012:
Valerie C. Melvin:
Director, Information Management and Technology Resources Issues:
U.S. Government Accountability Office:
441 G Street, NW:
Washington, DC 20548:
Re: Draft Report GAO-12-828, "Freedom of Information Act: Additional
Actions Can Strengthen Agencies' Efforts to Improve Management"
Dear Ms. Melvin:
Thank you for the opportunity to review and comment on this draft
report. The U.S. Department of Homeland Security (DHS) appreciates the
U.S. Government and Accountability Office's (GAO's) work in planning
and conducting its review and issuing this report.
The Department appreciates GAO's recognition of the significant
enhancements made to the DHS Freedom of Information Act (FOIA) program
since 2009. Regularly apprising senior management of the status of the
Department's backlog, leveraging resources, streamlining operating
procedures, and negotiating with requesters to simplify requests has
facilitated a 43-percent reduction in backlogged requests from 74,879
in Fiscal Year (FY) 2008 to 42,417 in FY 2011. It is important to
note, however, that during FY 2011, DHS received an unprecedented
175,656 requests—more than any federal agency has ever received in a
single fiscal year—representing an increase of 35 percent, from the
number of requests received during FY 2010. DHS is committed to
processing all FOIA requests received as efficiently and effectively
as possible, given available resources.
The draft report contained five recommendations with which the
Department concurs, Specifically, GAO recommended that the Secretary
of Homeland Security direct the DIIS Chief FOIA Officer to:
Recommendation 1: Ensure that the agency components within their
departments, as needed, take actions—report backlog status, redirect
resources, change procedures, and negotiate to simplify requests—to
reduce their backlogs of FOIA requests.
Response: Concur. DHS is committed to reducing its backlog of FOIA
requests; it is of paramount importance. Actions taken by the Privacy
Office to address the FOIA backlog, including coordinating and
reviewing Components' FOIA processes detailing FOIA Specialists to
Components having difficulty in reducing their backlogs, most recently
to U.S. Customs and Border Protection (CBP) in June 2012, and
reviewing actions by other agencies that successfully reduced their
backlogs (such as United States Citizenship and Immigration Services).
The DHS caseload, to include the backlog, is monitored at both the
Component and the Headquarters levels and monthly data arc submitted
to the DHS Chief FOIA Officer. A recently implemented procedural
change throughout the Department that has brought about immediate
reporting changes was the issuance of guidance that directed
Components that receive a "misdirected" FOIA request to forward it as
quickly as possible. For reporting purposes, when a Component receives
a misdirected request and then forwards that request to another
Component for response, the forwarding Component will not log the
request as its own, instead the responding Component will do so. As a
standard practice, Component- and the Headquarters-level FOIA Officers
negotiate with volume requesters to cut down the workload.
Recommendation 2: Ensure that the agency components within their
departments, as appropriate--conduct training, perform foreseeable
harm analyses, complete reviews, comply with the Milner decision, and
distribute guidance—to reduce their use of exemptions.
Response: Concur. Training and education promote the principles of
transparency and openness among DHS staff. They also provide a
mechanism to standardize FOIA practices and ensure excellence across
the Department. Over the past 2 years, the Privacy Office has provided
training on such topics as the application of Exemption 2 in the wake
of the U.S. Supreme Court's Milner decision and the appropriate use of
Exemptions 5, 6, and 7. Significantly improved policy and guidance now
undergird DHS ROTA operations, given the direction established by DI-
IS leadership since 2009.
Well-trained professionals are critical to the Department's ability to
advance openness through discretionary releases, particularly when
identifying suitable records and applying the standard of foreseeable
harm. With the narrowing of Exemption (b)(2), which protects internal
personnel rules and practices, DHS as a whole has begun the
discretionary release of information that (h)(2) previously could have
been denied. For example, CBP and the U.S. Secret Service recently
released material that could have been withheld pursuant to Exemption
(b)(7)(I3); and the Federal Law Enforcement Training Center, U.S.
Immigrations and Customs Enforcement (ICE), and the DHS Directorate
for Management. among others, released records eligible for exemption
under (b)(5). In addition, the overall DLLS Exemption 5 usage (by
percentage) went down in FY 2011 to 32 percent of all cases where•
records were reviewed, compared to 50 percent for FY 2008.
Recommendation 3: Ensure that the agency components within their
departments address the deficiencies in their FOIA libraries by making
required categories of records easier to locate, clearly indicating
when records in required categories do not exist, and expanding the
content of FOIA libraries.
Response: Concur. During FT 2012, the Privacy Of redesigned its public-
facing Website with an eye toward usability. The new site, launched in
April 2012, features a simplified menu and graphic links to rich
content. Detailed information explains how to submit a FOIA request
and where to direct it, while a link off the index page enables
requesters to check the status of submitted requests. The heart of the
site is the FOIA Library, which the Privacy Office reorganized and
expanded to help users more easily find the information they seek. The
FOIA Library groups documents by type, gives prominence to recent
releases, and features regularly updated material. Further refinements
will be completed, however, to expand the content of the DHS FOIA
Library and Component MIA Libraries in the upcoming months.
Much information resides on DNS Websites, including material
previously only available through a formal FOIA request (e.g.,
historical documents, daily schedules of senior leaders, management
directives, contracts, memoranda related to FOIA operations, and
procurement records that include awards, orders, solicitations, and
purchase cardholder lists). All Components post their FOIA logs. This
year, ICE added detention facility inspections and statistics related
to immigration to the list; the U.S. Coast Guard posted safety
investigations and mishap reports; and the U.S. Transportation
Security Administration disseminated videos of incidents having high
public interest. The list of CBP information below illustrates the
depth and breadth information currently available online:
* Office of Air and Marine in the News: [hyperlink,
http://www.cbp.gov/xp/cgov/border_security/air_marine/oam_news.11.xml];
* U.S. Border Patrol in the News [hyperlink,
[http://www.cbp.gov/xp/cgov/border_security/border_patrol/press_announce
_1p.xml];
* U.S. Border Patrol Statistics [hyperlink,
(http://www.cbp.gov/xp/cgov/cgov/border_security/border_patrol/usbp_stat
istics]; and;
* Essential forms [hyperlink,
http://www.cbp.gov/xp/cgov/travel/id_visa/indamiss_can_info.xml]).
Recommendation 4: Evaluate whether the agency components within their
departments could improve the efficiency of their FOIA processing by
implementing each of the technology capabilities that they do not
already have.
Response: Concur. A successful FOIA program hinges on the technology
that enhances productivity, especially when the majority of agency
records arc electronic. To address these issues and in anticipation of
a steady flow or potential increase in FOIA requests, in
2011 the Privacy Office established a technology action team to
investigate options for an electronic FOIA solution for Department-
wide deployment. The program that was ultimately adopted is scheduled
to come online in September 2012 and will provide the technology tools
required to reduce the Department's backlog of pending requests.
Recommendation 5: Identify and evaluate potential approaches (e.g.,
enhancements to or replacement of existing systems) for enabling the
electronic exchange of data between the FOIA processing systems of the
agency components within their departments.
Response: Concur. Recent OHS guidance has focused on the more
effective use of existing FOIA resources. For example, a February 2012
policy memorandum issued by the OHS Chief FOIA Officer focused on
streamlining the FOIA process through improved intra- and interagency
collaboration. The memorandum encouraged DHS Components to seek and
exploit opportunities to handle consultations more efficiently by
sharing documents electronically, establishing guidelines or
agreements with other agencies to handle particular information
expeditiously and eliminating the need for consultation altogether
through improved communication.
Again, thank you for the opportunity to review and comment on this
draft report. Technical comments were previously provided under
separate cover. Please feel free to contact me if you have any
questions. We look forward to working with you in the future.
Sincerely,
Jim H. Crumpacker:
Director:
Departmental GAO-OIG Liaison Office:
[End of section]
Appendix IV: Comments from the Department of Defense:
Department of Defense:
Freedom of Information Division:
1155 Defense Pentagon:
Washington, DC 20301-1155:
Ms. Valerie C. Melvin:
Director, Defense Capabilities and Management:
U.S. Government Accountability Office:
441 G Street, NW:
Washington, DC 20548:
Dear Ms. Melvin,
This is the Department of Defense response to the GAO Draft Report,
GAO-12-828, "Freedom of Information Act: Additional Actions Can
Strengthen Agencies' Efforts to Improve Management", dated July 2012
(GAO Code 310973). The Department concurs with all GAO
recommendations. The enclosure provides comments on each of the five
recommendations the Report presents. In addition, DoD has included
comments submitted by individual services.
The point of contact for this response within the Department of
Defense Freedom of Information Division is Mr. Paul Jacobsmeyer, 571-
372-0479, or e-mail paul.jacobsmeyer@whs.mil. The Department of
Defense Inspector General point of contact is Ms. Megan Reedy, 703-604-
8617, or e-mail megan.reedy@dodig.mil. If she is not available,
please contact Mr. Luis A. Villalobos, 703-604-9620, or e-mail
luis.villalobos@dodig.mil.
Sincerely,
Signed by:
Will Kammer:
Chief, FOID:
Enclosure: As stated:
[End of letter]
Enclosure: Department of Defense Comments to the GAO Recommendations:
GAO Draft Report Dated July 2012:
GAO-12-828 (GAO Code 310973):
"Freedom of Information Act: Additional Actions Can Strengthen
Agencies' Efforts to Improve Management"
Recommendation 1: Ensure that the agency components within their
departments, as needed, take actions — report backlog status, redirect
resources, change procedures, and negotiate to simplify requests — to
reduce their backlogs of FOIA requests.
DoD Response: Concur. Currently three of the four components subject
to this report have taken definitive steps to comply with Executive
direction to reduce FOIA backlogs. The remaining component has taken
preemptive measures to address their backlog. The Department
anticipates that the Annual Report, based on FY12, will continue to
establish compliance with this recommendation.
Department of the Navy Comment:
DON has assembled a team of FOIA and system engineering experts to
study the FOIA organization and workflow processes in DON to determine
how resources might be redirected to improve process time, efficiency
and effectiveness.
Recommendation 2: Ensure that the agency components within their
departments, as appropriate — conduct training, perform foreseeable
harm analysis, complete reviews, comply with the Milner decision, and
distribute guidance — to reduce their use of exemptions.
DoD Response: Concur. The Department anticipates that an initial
assessment of compliance with this recommendation may be feasible in
conjunction with the fulfillment of the FY12 Annual Report. Despite
Government-wide, budget driven cutbacks in training, the Department
will continue to conduct Department-wide FOIA and Privacy training
workshops. These workshops will continue to address the issues of this
recommendation.
Recommendation 3: Ensure that the agency components within their
departments address the deficiencies in their FOIA libraries by making
required categories of records easier to locate, clearly indicating
when records in required categories do not exist, and expanding the
content of FOIA libraries.
Don Response: Concur. The Department will address the deficiencies
listed on Table 2, p. 23 of the Report, NLT mid-year of FY13.
Department of the Navy Comment:
The formation of a consolidated DON FOIA Reading Room, and other
initiatives mentioned below, may be subject to the availability of
future funding.
Recommendation 4: Evaluate whether the agency components within their
departments could improve the efficiency of their FOIA processing by
implementing each of the technology capabilities that they do not
already have.
DoD Response: Concur. All components will evaluate the technology gaps
identified on Table 4, p. 31, NLT 30 June, 2013. Additionally, the
Department is forming a technology working group to address options.
Department of the Navy Comment:
DON is currently expanding the use of a government owned e-FOIA tool
across the DON that will significantly increase the technology
capabilities considered to be best practices for processing and
tracking FOIA requests.
Recommendation 5: Identify and evaluate potential approaches (e.g.,
enhancements to or replacement of existing systems) for enabling the
electronic exchange of data between the FOIA processing systems of the
agency components within their departments.
DoD Response: Concur. The Department will continue to evaluate
potential enhancements enabling electronic exchange of data between
FOIA processing systems through the use of Inteldocs as an electronic
exchange mechanism within DoD.
Department of the Navy Comment:
DON is currently in the process of expanding the implementation of an
e-FOIA tool that enables the electronic exchange of data between DON's
FOIA processing systems.
[End of section]
Appendix V: Comments from the Department of Health and Human Services:
Department of Health & Human Services:
Office of The Secretary:
Assistant Secretary for Legislation:
Washington, DC 20201:
July 24, 2012:
Valerie C. Melvin, Director:
Information Management and Technology Resources Issues:
U.S. Government Accountability Office:
441 0 Street NW:
Washington, DC 20548:
Dear Ms. Melvin:
Attached are comments on the U.S. Government Accountability Office's
(GAO) report entitled, "Freedom of Information Act: Additional Actions
Can Strengthen Agencies' Efforts to Improve Management" (GAO-12-828).
The Department appreciates the opportunity to review this report prior
to publication.
Sincerely,
Signed by:
Jim R. Esquea:
Assistant Secretary for Legislation:
Attachment:
[End of letter]
General Comments Of The Department Of Health And Human Services (HHS)
On The Government Accountability Office's (GAO) Draft Report Entitled,
"Freedom of Information Act: Additional Actions Can Strengthen
Agencies' Efforts To Improve Management" (GAO-12-828):
The Department appreciates the opportunity to comment on this draft
report.
GAO Recommendations:
The following are HHS's response to GAO's recommendations:
To improve the management of FOIA processing, GAO recommends that the
Secretaries of Department of Homeland Security (DHS), Department of
Defense (DOD), and Health and Human Services (HHS) and the Attorney
General direct their respective Chief FOIA Officers take the following
five actions:
Recommendation:
Ensure that the agency components within their departments, as needed,
take actions — report backlog status, redirect resources, change
procedures, and negotiate to simplify requests—to reduce their backlog
of FOIA requests.
HHS Response:
HHS concurs, and this is illustrative in the steps HHS has taken, as a
whole, to improve its FOIA program, especially in its success in
reducing its backlog. Significant backlog reductions have occurred in
a number of major components in recent years. CMS, for example, has
been especially successful in backlog reduction and implemented these,
among other strategies, in response to the President's 2009 Open
Government Directive, which directed agencies to take steps to reduce
FOIA backlogs by 10 percent each year.
CMS senior leadership championed the effort and ensured an agency-wide
commitment to reducing the backlog. CMS leadership was provided weekly
and monthly reports from the regions, central office staff, and the
Task Force so they could conduct evaluations, measure performance, and
make data driven decisions accordingly.
The actions that contributed to its success included mobilizing
resources and changing procedures. First, CMS, increased the resources
devoted to RNA, by adding staff in its regions and hiring former staff
as contractors in its central office. Second, CMS changed several
procedures related to processing requests. For example, the FOIA
office has given increased authority to its regions to provide
information to requestors without a central review. Additionally, CMS
implemented an electronic FOIA processing system in 2009 and has
continued to refine the system.
Recommendation:
Ensure that the agency components within their departments, as
appropriate--conduct training, perform foreseeable harm analyses,
complete reviews, comply with the Milner decision, and distribute
guidance--to reduce their use of exemptions.
HUN Response:
HHS concurs. HHS FOIA officials attended Department of Justice-
sponsored training sessions and, in turn, provided in-house training
to FOIA analysts on changes in case law and disclosure analysis. HHS
agencies also conducted internal training and workgroups for its FOIA
staff, regional office and internal components, and participated in
HHS training sessions. The FOIA management elicited the support of
program staff for training and clarity around complex program related
issues, which enabled the FOIA staff to complete complex cases quicker.
It is noted that while OS experienced increased its use of certain
FOIA exemptions in the past two years, this corresponds to the major
increase in FOIA requests processed over the same time period. CMS's
average use of exemptions increased for the period studied; however,
that was due to changes it made in processing requests for privacy
information. Previously, these requests were held in the queue until
it received the correct Health Insurance Portability and
Accountability Act (HIPAA) authorization forms. In 2010, if the proper
authorization was not received, CMS issued a full denial under
Exemption (b)(6), and asked the requestor to submit a new request with
the correct authorizations. When Exemption (b)(6) is excluded, CMS's
change in its use of exemptions was less than 1 percent for the period
studied.
Recommendation:
Ensure that the agency components within their departments address the
deficiencies in their FOIA libraries by making required categories of
records easier to locate, clearly indicating when records in required
categories do not exist, and expanding the content of FOIA libraries.
HHS Response:
HHS concurs. HHS agencies have taken steps to make information
available online, either in its FOIA library or elsewhere on the
agency's website. CMS launched a redesign of the FOIA pages on CMS.gov
to promote existing online resources and to clearly explain the FOIA
request process. In addition to the proactive disclosure requirements
mandated by FOIA, CMS has adopted the spirit of openness and
transparency and identified records that are of sufficient public
interest warranting automatic disclosure on the agency's website.
A few examples are listed below:
In March 2010, medicare.gov was redesigned in order to make
information easier to find and to incorporate additional content. In
addition, many of the online tools available on medicare.gov have been
significantly enhanced. The Medicaid Plan Finder was launched in 2012
and merged two formerly separate tools. The medicare.gov quality
tools, including Nursing Home Compare, Hospital Compare, Home Health
Compare, and Dialysis Facility Compare, have been updated to include
numerous new quality measures (which feed into our published datasets
as noted below). Physician Compare was launched to incorporate new
performance metrics required by Affordable Care Act (ACA), and the
Supplier Directory has been updated to reflect the durable medical
equipment competitive bidding program. All medicare,gov enhancements
have incorporated user feedback and usability testing.
In November 2011, CMS launched a new medicaid.gov website to improve
public access to information about the Medicaid program and to allow
for quicker updating of Medicaid program material to the web, In
December 2011, CMS launched es.medicare.gov, the first 100 percent
Spanish version of medicare.gov. While some material had been made
available in other languages, for the first time, Spanish-speaking
beneficiaries could access information that was translated from the
English site in real. time.
To increase access to and use of CMS datasets on hospitals, nursing
homes, health plans and many other health care settings and subjects,
CMS launched data.medicare.gov and data.cms.gov.
Lastly, CMS launched the Medicare Blue Button, which allows
beneficiaries to download their health and claims data.
Recommendation:
Evaluate whether the agency components within their departments could
improve the efficiency of their FOIA processing by implementing each
of the technology capabilities that they do not already have.
HHS Response:
HHS concurs. One HHS agency, CMS, has successfully piloted and is in
the process of deploying a single tracking system to 21 Medicare
Administrators Contractors by the end of the fiscal year. This will
enable CMS to house and manage all FOIA requests in one unique
tracking system. In addition, CMS will be able to generate periodic
statistical reports once it is deployed.
Recommendation:
Identify and evaluate potential approaches (e.g., enhancements to/or
replacement of existing systems) for enabling the electronic exchange
of data between the FOIA processing systems of the agency components
within their departments.
HHS Response:
HHS concurs. HHS is willing to explore electronic data exchange of
FOIA processing systems.
Additional Information on CMS's FOIA Efforts:
CMS has one of the largest FOIA workloads in the Department, and it is
committed to improving its FOIA performance and meeting the
Administration's overall Open Government and transparency goals. Since
2009, CMS has put measures in place to respond to the Attorney
General's guidelines that encouraged agencies to release records
requested under FOIA, improve administration of their FOIA operations,
and ensure timely disclosure of information to the public.
As noted in the GAO draft report, CMS successfully reduced its backlog
in fiscal year (FY) 2010 and FY 2011, exceeding the Executive Branch's
10 percent reduction goal. To support this effort, CMS engaged senior
leadership across the agency and established a sense of urgency,
importance, and expectations to enhance accountability for the
accomplishment of this work.
CMS reengineered the way its processes FOIA requests and nearly
doubled the resources committed to FOIA, bringing on board FOIA
professionals with extensive CMS experience and increasing regional
staffing.
In addition, CMS redesigned its website to make information more
accessible and it continues to work with its program offices to
identify information that can be posted to the Internet. CMS also
further refined its FOIA electronic tracking system and deployed
electronic redaction software to all FOIA analysts.
CMS recognizes that in order to fully implement Open Government and
transparency initiatives, it has to view its efforts as a marathon
rather than a sprint. CMS is now focusing on longer term strategies to
manage its FOIA workload, so that it can sustain and improve both the
timeliness of its FOIA responses and the quality of its interactions
with the general public regarding CMS requested information.
[End of section]
Appendix VI: Comments from the Department of Justice:
U.S. Department of Justice:
Office of Information Policy
Suite 11050:
1425 New York Avenue, NW:
Washington, DC 20530-0001:
Telephone: (202) 514-3642:
July 23, 2012:
Ms. Valerie C. Melvin:
Director:
Information Management and Technology Resources Issues:
Government Accountability Office:
Washington, D.C. 20548:
Dear Ms. Melvin:
Thank you for the opportunity to review and comment on the draft
Government Accountability Office (GAO) report entitled, "Freedom of
Information Act: Additional Actions Can Strengthen Agencies' Efforts
to Improve Management." Attorney General Holder's FOIA Guidelines
issued on March 19. 2009 implement the high standards of open
government called for in President Obama's FOIA Memorandum and mark
the first time an Attorney General has directed agencies to ensure
that they have "an effective system for responding to FOIA requests"
and that they use modern technology in their administration of the
FOIA. Since the issuance of the Attorney General's Guidelines, the
Department of Justice and agencies across the government have focused
on improving their FOIA process to increase efficiencies and to
utilize technology to provide greater access to information. The
Department appreciates GAO's work in conducting this review, which
reinforces the importance of agencies' efforts these past three years.
The Department is also pleased that GAO was able to use the features
provided on FOIA.gov to conduct its review and produce this report.
One of the purposes of developing FOIA.gov was to present Annual FOIA
Report data in new, innovative ways that shed further light on agency
compliance with the FOIA and assist agencies in identifying areas of
improvement.
The draft GAO report contains live Recommendations for Executive
Action which arc restated below in bold text and are followed by our
response.
To improve the management of FOR processing [GAO] recommends that the
Secretaries of DHS, DOD, and HHS and the Attorney General direct their
respective Chief FOIA Officers take the following five actions:
1. Ensure that the agency components within their departments, as
needed, take actions--report backlog status, redirect resources,
change procedures, and negotiate to simplify requests--to reduce their
backlogs of FOIA requests.
OIP agrees with GAO's recommendation that any agency or agency
component that has a backlog of pending FOIA requests should take
actions to help reduce its backlog. Backlog reduction has long been a
focus of OIP. Indeed, it is OIP that established the requirement for
all agencies to report on any backlogs of requests or appeals in their
Annual FOIA Reports. Moreover, President Obama's FOIA Memorandum and
Attorney General Holder's FOIA Guidelines emphasize the importance of
improving timeliness in responding to requests. Reducing agency
backlogs is a key aspect of that effort.
As detailed in OIP's guidance on implementing the President's and the
Attorney General's FOIA Memoranda, all agencies, particularly those
with a large volume of requests or a large backlog, must examine their
approaches to providing information to requesters in order to look for
ways to be able to respond to requests more promptly. OIP has
encouraged agencies to take actions such as those noted in GAO's
recommendation, as well as others, and has held agencies accountable
for making these types of efforts through their Chief FOIA Officer
Reports. In those reports OIP has asked agencies to describe their
efforts to reduce backlogs and improve timeliness in responding to
requests.
In 2010, OIP issued a summary of the first Chief FOIA Officer Reports
submitted by agencies with findings and guidance for improvement. This
summary included guidance on backlog reduction. After reviewing all of
the Chief FOIA Officer Reports again last year, OIP conducted an
assessment of the efforts made by the Executive Departments, including
whether they reduced their backlogs, closed their ten oldest pending
requests, or made other efforts that would contribute to more timely
responses to requests.
In April 2012, OIP issued guidance to all agencies emphasizing the
importance of closing their ten oldest pending requests, which is a
distinct backlog reduction goal instituted by OIP to ensure that
agencies are answering the President's and the Attorney General's call
to respond to requests promptly. By systematically closing their ten
oldest requests every year, agencies will reduce the age of the
government's backlog and eliminate those requests that have been
lingering for years. OIP will continue to build on these efforts to
encourage agencies to take steps towards reducing their backlogs,
including the age of their oldest requests and appeals.
Many agencies, including components of the Department of Justice, have
taken multiple measures to reduce their backlogs, such as providing
updated status reports to managers and high level officials within the
agency, redirecting resources, changing procedures to be more
efficient, and negotiating with requesters to simplify requests.
Indeed, OIP issued guidance to all agencies on the importance of good
communication with requesters and the benefits of negotiating the
scope of a request. As discussed with GAO during its review, OIP has
taken all of these actions in an effort to reduce its own backlog.
Nevertheless, some agencies have experienced additional challenges
outside of their control such as significant losses in staff and large
increases in incoming FOIA requests, as well as increases in the
complexity of those requests, which has made it more difficult to
achieve backlog reduction goals. Despite these challenges, this past
fiscal year, the Department of Justice reduced its overall backlog of
pending requests by 26%, over double the Department's targeted goal of
10%.
In addition to the types of actions recommended by GAO, OIP has
provided guidance to agencies on other efforts that can help improve
FOIA administration. For example, OIP has issued proven best practices
for agencies to follow in implementing the Attorney General's FOIA
Guidelines. Further, shortly after the submission of the Fiscal Year
2011
Annual FOIA Reports, and as agencies were finalizing their 2012 Chief
FOIA Officer Reports, OIP issued guidance encouraging agencies to hold
FOIA conferences to reflect on the results of those reports and to
identify potential areas of improvement, At the Department of Justice,
OIP held its FOIA conference with representatives from each of the
Department's components.
Additionally, OIP works closely with the Department's components
throughout the year to make sure that progress is being made in all
areas of FOIA administration, including reducing components' backlogs
and closing their ten oldest pending requests. OIP has assigned an
attorney to serve as a liaison to each component. In addition to
providing guidance on specific FOIA issues, the liaison works with the
component to keep track of their progress in areas that have been
identified for improvement based on the prior year's Annual FOIA
Report. OIP will continue to hold FOIA conferences and work with
components to help identify ways to reduce backlogs and further
improve the Department's FOIA administration.
In yet another effort to improve FOIA administration, and as reported
in the Department's most recent Open Government Plan, OIP will soon
mandate the reporting of key FOIA statistics by all agencies on a
quarterly basis. Not only will this provide the public with more
timely access to important FOIA data, it will assist agencies and
agency components in actively assessing their backlogs and taking
appropriate measures to reduce them.
2. Ensure that the agency components within their departments, as
appropriate--conduct training, perform foreseeable harm analyses,
complete reviews, comply with the Milner decision, and distribute
guidance--to reduce their use of exemptions.
The Attorney General's Guidelines strongly encourage agencies to make
discretionary releases of information, to not withhold information
simply because it is technically exempt from disclosure, and to apply
a foreseeable harm analysis before withholding records. The Supreme
Court, in its decision in Milner v. Department of the Navy,
significantly narrowed the scope of Exemption 2 of the FOIA. OIP
agrees that agencies should take steps to ensure that they arc both
making discretionary releases of information in accordance with the
Attorney General's Guidelines and that they are applying Exemption 2
in accordance with the Milner decision. OIP has distributed extensive
guidance to all Department of Justice components and agencies across
the federal government on the President's and the Attorney General's
FOIA Memoranda, including how to apply the presumption of openness and
perform a foreseeable harm analysis. OIP also issued extensive
guidance on the legal requirements of Exemption 2 of the FOIA after
the Supreme Court's narrowing of Exemption 2 in Milner v. Department
of the Navy. OIP's guidance contained a thorough discussion of the
ruling in Milner, the new contours of Exemption 2. possible
alternatives, and the importance of applying the foreseeable harm
standard, Additionally, OIP has provided numerous training
opportunities on both of these topics, which have been attended by
thousands of FOIA professionals across the government. OIP's guidance
and much of its training materials are available on its website for
access at anytime. OIP also provides a FOIA counselor service that
agencies can use to discuss any FOIA questions they might have with an
experienced OIP attorney.
Each year since the Attorney General's FOIA Guidelines were issued,
OIP has encouraged agencies to distribute guidance on implementing the
new Guidelines and to conduct or send their FOIA professionals to
training events. Through the agency Chief FOIA Officer Reports, OIP
has held agencies accountable for distributing guidance, participating
in training activities, and having a procedure in place for making
discretionary releases. As noted above, in 2010, OIP issued a summary
of agencies' first Chief FOIA Officer Reports with findings and
guidance for improvement. Among many other things, OIP's findings
addressed agencies' efforts in applying the presumption of openness by
distributing guidance. attending or conducting training, and having a
system in place for making discretionary releases. For example, OIP
found a strong correlation between agencies that made discretionary
releases and those agencies that had added a step to their
administrative process to affirmatively evaluate whether a
discretionary release is possible. Accordingly. OIP encouraged those
agencies that had not yet included a formal procedure in the FOIA
process for considering a discretionary release to make this
improvement in their FOIA process. In 2011. OIP once again reviewed
all agencies' Chief FOIA Officer Reports and assessed the Executive
Departments on the progress they made in these areas. OIP will
continue to build on all of these efforts to help ensure that agencies
arc working in compliance with the legal requirements of the FOIA, and
are implementing the President's and Attorney General's FOIA Memoranda.
3. Ensure that the agency components within their departments address
the deficiencies in their FOIA libraries by making required categories
of records easier to locate, clearly indicating when records in
required categories do not exist, and expanding the content of FOIA
libraries.
As indicated in Table 2 of GAO's draft report, the FOIA Libraries of
the Department of Justice components that GAO reviewed already all
contain the material that agencies are required to post online.
Nonetheless. OIP agrees that all agencies should actively assess their
FOIA Libraries to ensure that they are complete and updated. OIP also
agrees that agency FOIA Libraries should be organized in a way that is
most useful to the communities that most frequently engage the agency.
For example, OIP recently redesigned its FOIA Library to make the
information and guidance it provides more user-friendly and easier to
locate. The new FOIA Library separates documents into two functional
categories: Operational Documents and FOIA-Processed Documents. OIP's
website explains to the public that operational documents include
policy statements, staff manuals, final opinions and orders, and that
FOIA-processed documents are those records that have been disclosed,
in full or in part, in response to a FOIA request and have either been
frequently requested or have been determined to likely he of interest
to the public. OIP is working with all of the Department's components
to similarly organize their FOIA Libraries in a format that will he
most useful for the public. Moreover, as GAO notes, OIP has issued
extensive guidance to agencies on the affirmative disclosure
obligations of the FOIA and the efficiencies that can be achieved by
posting information online. OIP plans to issue additional guidance in
the upcoming months on proactive disclosures and the maintenance of
agency FOIA Libraries.
4. Evaluate whether the agency components within their departments
could improve the efficiency of their FOIA processing by implementing
each of the technology capabilities that they do not already have.
OIP agrees that all agencies should actively consider whether they
have an effective system in place for responding to requests and
whether improvements in technology can increase the efficiency of
their FOIA processing. The President's FOIA Memorandum and the
Attorney General's FOIA Guidelines focus on the use of technology and
the importance of ensuring that an effective system is in place for
agencies to respond to requests. OIP has encouraged agencies to look
for improvements that can be made in FOIA administration by greater
use of technology and agencies have been taking a variety of steps to
greater utilize technology. As part of their Chief FOIA Officer
Reports, OIP has required agencies to address their use of technology
and the steps taken to increase efficiencies. In 2010, OIP conducted
the first-ever survey to ascertain the extent to which agencies were
utilizing technology for core FOIA tasks such as receiving requests
electronically, processing requests using technology, and preparing
the Annual FOIA Report electronically. In that first year agencies
reported overwhelmingly that they were utilizing technology for those
functions. OIP in turn made findings and issued guidance on these
areas in its 2010 summary of the Chief FOIA Officer Reports and
subsequently scored the Executive Departments on their progress in
these areas in its 2011 assessment.
As illustrated in Table 4 of GAO's draft report, with the exception of
one capability that two components reported currently not having, the
Department of Justice components that GAO reviewed have already
implemented the technology capabilities that GAO focused on during its
review. Although the Bureau of Prisons (BOP) and the Executive
Office for Immigration Review (EOIR) currently do not provide online
tracking for the status of requests, BOP is planning to have this
capability by October 2012 and EOIR is in the process of exploring
this option. OIP has, and will continue to, encourage agencies to
actively evaluate their FOIA processes to identify potential
improvements that can be made to increase efficiencies, particularly
in the area of new technology.
Additionally, in an effort to assist agencies, including components of
the Department of Justice, to increase the efficiency of their FOIA
process. OIP has convened a FOIA Technology Working Group that
provides a forum for agencies to exchange ideas and experiences in
utilizing existing technologies that can improve FOIA administration.
Dosing the Group's meetings, agencies discuss various tools and
applications such as document management software that can assist with
the search and review process, shared platforms that allow for
simultaneous review and comment on records, and electronic
capabilities that automatically identify duplicative material.
One of the most common delays in the processing of FOIA requests
across the government is the time spent by FOIA personnel searching
for, de-duplicating, and conducting initial responsiveness reviews on
records, much of which is done by hand or by using off-the-shelf
software with limited capabilities for advanced document review and
redaction. A promising development for improving the efficiency of
this very time-consuming process is the use of document management
software that allows for more efficient processing of large volumes of
material. OIP and several of the Department's components have already
begun utilizing this type of-software to more quickly respond to
requests involving voluminous records. Moreover, the Department is
developing a pilot program to assess the business case for leveraging
existing "e-discovery" tools for FOIA purposes. The Department is also
researching new technologies that will substantially improve the
efficiency of the FOIA consultation process by allowing multiple
components and agencies to review and comment on records
simultaneously. OIP and the Department will continue to build on these
efforts to ensure that all agencies have an effective system in place
for processing FOIA requests and that agencies are considering the
potential benefits of improvements in the use of technology, including
the capabilities considered by GAO, as well as a wide range of other
promising technologies that can increase efficiencies. Of course, in
these times of limited resources, agencies will necessarily need to
carefully weigh the costs and benefits of any new technology and
identify those improvements that make the most sense for their FOIA
program and community of requesters.
5. Identify and evaluate potential approaches (e.g., enhancements to
or replacement of existing systems) for enabling the electronic
exchange of data between the FOIA processing systems of the agency
components within their departments.
As indicated above. OIP agrees that agencies should actively look for
and weigh the costs and benefits of new approaches in technology that
have the potential of increasing the efficiency of their FOIA process.
Several agencies reported making such improvements in their 2012 Chief
FOIA Officer Reports by adopting agency-wide processing systems that
allowed for information and data to he more easily shared between
their offices. Similarly, OIP has made improvements to its data
exchange capabilities and will continue to explore potential
approaches for further enhancing the electronic exchange of data
between components of the Department.
If you have any questions regarding this response, you or your staff
may contact me at (202) 616-5488.
Sincerely,
Signed by:
Melanie Ann Pustay:
Director:
[End of section]
Appendix VII: Comments from the National Archives and Records
Administration:
National Archives:
National Archives and Records Administration:
8601 Adelphi Road:
College Park, MD 20740-5001:
[hyperlink, http://www.archives.gov]
July 20, 2012:
Via email: BirdM@gao.gov.
Mark T. Bird:
Assistant Director:
Information Management and Technology Resources Issues:
United States Government Accountability Office:
44 G Street, NW:
Washington, DC 20548:
Dear Mr. Bird,
Thank you for the opportunity to review and comment on draft report
GA0-12-828, Freedom of Information Act: Additional Actions Can
Strengthen Agencies' Efforts to Improve Management. NARA appreciates
the opportunity to review and comment on this helpful report. As the
draft report recognizes, in addition to the responsibility given in
the Freedom of Information Act to the
Department of Justice, the 2007 amendments to the FOIA gave NARA's
Office of Government Information Services (OGIS) responsibility "to
oversee and assist agencies in implementing FOIA."
OGIS began operations only in September 2009, subsequent to the
Attorney General's FOIA guidance of March 2009 that the draft report
uses as a reference point in assessing agency FOIA implementation.
Although OGIS has been able to identify useful technological
capabilities and best practices for agencies, as noted in the draft
report, the office has limited resources to carry out its multi-prong
mission. Thus, the GAO review of certain aspects of FOIA
implementation by the Departments of Homeland Security (DHS), Defense
(DOD), Justice (DOA and Health and Human Services (HHS) and selected
components will greatly assist OGIS in its review activities.
The draft report highlights factors that can make a critical
difference in the success of agencies in making available the records
that they are required to disclose under subsection (a)(2) of the
FOIA. As the report notes that even when records are posted, members
of the public (and agency personnel) often find it difficult to locate
those publicly available records whether on agency FOIA web sites or
other agency sites. Rather than reducing the need for FOIA requests,
the lack of readily accessible records also adds to FOIA backlogs and
increases administrative costs.
The draft also points out the lost opportunities for agencies to take
advantage of technology to improve their efficiencies in processing
requests, including the electronic capture of data for internal
management and annual reporting. Although OGIS along with the
Environmental Protection Agency and Department of Commerce have
identified the capabilities that agencies need to comply with FOIA
requirements, GAO found that the agencies reviewed in its audit use
different FOIA processing systems that do not electronically exchange
data, which necessitates manual exchanges of information among
agencies to process FOIA requests." Not using shared systems with
interoperability also means that the process of referrals and
consultations is more cumbersome than it should be.
NARA hopes that the FOIA Module, the multi-agency FOIA processing and
tracking system sponsored by NARA, EPA and Commerce that will launch
on October 1, 2012 will lead the way in providing a shared service
that has the capabilities identified by the draft report.
Technical comments this information, have been sent under separate
cover. If you have questions regarding please contact Mary Drak by
email at mary.drak@nara.gov or by phone at 301-837-1668.
Signed by:
David S. Ferriero:
Archivist of the United States:
[End of section]
Appendix VIII: GAO Contact and Staff Acknowledgments:
GAO Contact:
Valerie C. Melvin, (202) 512-6304 or melvinv@gao.gov:
Staff Acknowledgments:
In addition to the contact named above, Mark Bird (assistant
director), Heather A. Collins, Nancy Glover, Glenn Spiegel, and Freda
Paintsil made key contributions to this report.
[End of section]
Footnotes:
[1] 5 U.S.C. § 552.
[2] Memorandum for Heads of Executive Departments and Agencies: The
Freedom of Information Act (FOIA), (Washington, D.C.: March 19, 2009).
[3] For all agencies, the central FOIA office and the three agency
components collectively accounted for at least half of FOIA requests
received by its parent agency (at least 90 percent for both DHS and
HHS).
[4] FOIA requires agencies to make certain categories of records
available to the public for "inspection and copying." Traditionally,
most agencies had established physical reading rooms, where the public
could have access to these records. However, the e-FOIA amendments of
1996 required agencies to post this information online, and as a
result, some agencies have begun to phase out their physical reading
rooms.
[5] P.L. 110-175 (Dec. 31, 2007).
[6] The typical 20-day time period may be extended in "unusual
circumstances," such as when requests involve a voluminous amount of
records or require consultation with another agency.
[7] Justice's implementing guidance instructs agencies that when a
record is disclosed in response to a FOIA request, the agency is
required to determine whether the record has been the subject of
multiple FOIA requests (i.e., two or more additional requests) or, in
the agency's best judgment based on the nature of the records and the
types of requests regularly received, is likely to be the subject of
multiple requests in the future.
[8] OIP's 1998 Guidance is found in: "Electronic FOIA Amendments
Implementation Guidance Outline," FOIA Update, Vol. XIX, No. 1 (Winter
1998) [hyperlink,
http://www.justice.gov/oip/foia_updates/Vol_XIX_1/xixpage3.htm], and
"Recommendations for FOIA Web Sites," FOIA Update, Vol. XIX, No. 3
(Summer 1998) [hyperlink,
http://www.justice.gov/oip/foia_updates/Vol_XIX_3/xix3page3.htm].
Because the disclosure of these required categories of records had
historically been made through a physical reading room, the expanded
online access provisions, including frequently requested records and
other required elements, have commonly come to be called "electronic
reading rooms." Recently, OIP has encouraged agencies to use the term
"FOIA library" in lieu of "electronic reading room."
[9] Executive Order 13392, Improving Agency Disclosure of Information
(Washington, D.C.: Dec. 14, 2005).
[10] Department of Justice, Executive Order 13392 Implementation
Guidance (posted Apr. 27, 2006). See [hyperlink,
ttp://www.justice.gov/archive/oip/foiapost/2006foiapost6.htm].
[11] In a Privacy Act request, a requester can ask for information on
himself or herself held by a federal agency.
[12] Presidential Memorandum of Jan. 21, 2009, Transparency and Open
Government.
[13] Presidential Memorandum of Jan. 21, 2009, Freedom of Information
Act.
[14] Referrals involve referring the responsive record to the
originating agency for its disclosure determination and direct
response to the FOIA requester. Consultations involve consulting with
the originating agency before making a direct FOIA response to the
requester.
[15] Factors that increase the complexity of a request include the
volume of information involved, the number of offices that might have
responsive documents, the extent to which the information is technical
or difficult to understand, and the need to communicate with third
parties, such as other agencies or owners of possible proprietary
information.
[16] Some FOIA requests are closed before reaching this stage, for
example, if no responsive documents can be found, if all responsive
documents originated with another agency and were referred to that
agency for processing, or if after being notified of fees, the
requester is unwilling to pay the estimated fees.
[17] GAO, Freedom of Information Act: Processing Trends Show
Importance of Improvement Plans, [hyperlink,
http://www.gao.gov/products/GAO-07-441] (Washington, D.C.: Mar. 30,
2007).
[18] GAO, Freedom of Information Act: Agencies Are Making Progress in
Reducing Backlog, but Additional Guidance Is Needed, [hyperlink,
http://www.gao.gov/products/GAO-08-344] (Washington, D.C.: Mar. 14,
2008).
[19] GAO, Freedom of Information Act: DHS Has Taken Steps to Enhance
Its Program, but Opportunities Exist to Improve Efficiency and Cost-
Effectiveness, [hyperlink, http://www.gao.gov/products/GAO-09-260]
(Washington, D.C.: Mar. 20, 2009).
[20] Two components with small backlogs had a small increase in the
number of their FOIA requests; ICE's backlog increased from 10
requests to 18 and EOIR's increased from 183 to 205.
[21] The Obama Administration's Commitment to Open Government: A
Status Report, (Washington, D.C., 2011).
[22] Milner v. Department of the Navy, 131 S. Ct. 1259 (2011).
[23] These three changed by 1 percent or less.
[24] Because numbers of responses vary from year to year, we examined
the ratio of exemptions to requests (that is, what proportion of
requests a given exemption was applied to) for the years 2009-2011.
[25] This figure is calculated based on requests that were granted in
full, partially granted, or denied and does not include requests
denied for reasons other than exemptions.
[26] See Attorney General's Report to the President Pursuant to
Executive Order 13392, Entitled "Improving Agency Disclosure of
Information" (Washington, D.C.: May 30, 2008). In this report, the
Attorney General recommended that all agency Chief FOIA Officers
review and certify to Justice and OMB that their agency FOIA libraries
are in compliance with FOIA.
[27] For example, Navy's final opinions can be found on a website
maintained by the Navy Judge Advocate General and USCIS's final
opinions can be found on a website maintained by its Administrative
Appeals Office.
[28] For example, USCIS and Navy do not provide direct links to the
websites that contain agency final opinions or administrative staff
manuals.
[29] As also noted by Air Force, records subject to privacy-related
exemptions are not posted.
[30] A FOIA log is a listing of FOIA requests that have been made to
the agency or agency component.
[31] These are: Business Transformation Agency; Defense Advanced
Research Projects Agency; Defense Human Resources Division; Defense
Media Activity; Defense Microelectronics Agency; Defense Security
Cooperation Agency; Missile Defense Agency; and Washington
Headquarters Services, Acquisition and Procurement Office.
[32] CMS FOIA officials noted that this database is currently limited
to data from the last three years, so it does not yet meet the needs
of individuals looking for more comprehensive data.
[33] In addition to FOIA, FDA is statutorily required to post certain
information online under the Food and Drug Administration Amendments
Act of 2007.
[34] The categories that did not contain any records were "Sexual
Harassment in the Army," "Discrimination and Racial Conflict," and
"WWII Chemical Warfare Services Records;" the categories that
contained one record included "Intelligence Documents," "Intelligence
Services," "Flights to Cambodia," "Congressional
Correspondence/Matters," and "Miscellaneous."
[35] Although Army's most recent document dates to June 2, 2011, an
Army official stated that it has posted documents to the FOIA library
since June 2, 2011. The official stated that Army's search engine
indexes the creation date of the document, not the date it was posted.
[36] In August 2009, DHS's Chief FOIA Officer issued a memorandum
requiring all DHS components to post several additional categories of
records to their FOIA libraries, including historical and daily
schedules of the most senior agency officials, executed contracts and
grants, and FOIA logs, since they are often the subject of FOIA
requests.
[37] The capability to assign a request tracking number and track the
status of requests is a requirement under the OPEN Government Act.
[38] As identified in Chief Information Officers Council, A Practical
Guide to Federal Enterprise Architecture, version 1.0 (February 2001)
and GAO, Organizational Transformation: A Framework for Assessing and
Improving Enterprise Architecture Management (version 2.0),
[hyperlink, http://www.gao.gov/products/GAO-10-846G] (Washington,
D.C.: August 2010).
[39] Referrals involve referring the record to the originating agency
for its disclosure determination and direct response to the FOIA
requester. Consultations involve consulting with that originating
agency before responding directly to a FOIA request.
[40] GAO, Freedom of Information Act: Key Website Is Generally
Reliable, but Action Is Needed to Ensure Completeness of Its Reports,
[hyperlink, http://www.gao.gov/products/GAO-12-754] (Washington, D.C.,
June 28, 2012).
[End of section]
GAO’s Mission:
The Government Accountability Office, the audit, evaluation, and
investigative arm of Congress, exists to support Congress in meeting
its constitutional responsibilities and to help improve the
performance and accountability of the federal government for the
American people. GAO examines the use of public funds; evaluates
federal programs and policies; and provides analyses, recommendations,
and other assistance to help Congress make informed oversight, policy,
and funding decisions. GAO’s commitment to good government is
reflected in its core values of accountability, integrity, and
reliability.
Obtaining Copies of GAO Reports and Testimony:
The fastest and easiest way to obtain copies of GAO documents at no
cost is through GAO’s website [hyperlink, http://www.gao.gov]. Each
weekday afternoon, GAO posts on its website newly released reports,
testimony, and correspondence. To have GAO e-mail you a list of newly
posted products, go to [hyperlink, http://www.gao.gov] and select
“E-mail Updates.”
Order by Phone:
The price of each GAO publication reflects GAO’s actual cost of
production and distribution and depends on the number of pages in the
publication and whether the publication is printed in color or black
and white. Pricing and ordering information is posted on GAO’s
website, [hyperlink, http://www.gao.gov/ordering.htm].
Place orders by calling (202) 512-6000, toll free (866) 801-7077, or
TDD (202) 512-2537.
Orders may be paid for using American Express, Discover Card,
MasterCard, Visa, check, or money order. Call for additional
information.
Connect with GAO:
Connect with GAO on facebook, flickr, twitter, and YouTube.
Subscribe to our RSS Feeds or E mail Updates. Listen to our Podcasts.
Visit GAO on the web at [hyperlink, http://www.gao.gov].
To Report Fraud, Waste, and Abuse in Federal Programs:
Contact:
Website: [hyperlink, http://www.gao.gov/fraudnet/fraudnet.htm];
E-mail: fraudnet@gao.gov;
Automated answering system: (800) 424-5454 or (202) 512-7470.
Congressional Relations:
Katherine Siggerud, Managing Director, siggerudk@gao.gov, (202) 512-4400
U.S. Government Accountability Office, 441 G Street NW, Room 7125
Washington, DC 20548.
Public Affairs:
Chuck Young, Managing Director, youngc1@gao.gov, (202) 512-4800
U.S. Government Accountability Office, 441 G Street NW, Room 7149
Washington, DC 20548.